Advanced  managed  services,  automated  change  man¬ 
agement,  application  optimization, SOA  governance  . . . 
read  all  about  the  hottest  tools  and  strategies  in  our  lat¬ 
est  New  Data  Center  supplement,  fourth  in  a  six-part 
series.  Starts  after  PAGE  60. 


Dashboards 
called  a  key 
to  net  mgmt. 

BY  ANN  BEDNARZ 
AND  DENISE  DUBIE 


NETWORKWORLD 


Introducing  the  Network  World 
Security  Buyer’s  Guide 
Live  Today 


Cisco  may  adopt 
unbundled  pricing 


IT  executives  are  finding  dash¬ 
boards  that  let  them  quickly 
gauge  the  effect  of  interrelated 
events  and  take  corrective  action 
can  make  staff  more  productive 
and  keep  key  systems  humming. 

According  to  Forrester  Research 
estimates,  companies  could  re¬ 
duce  IT  budgets  by  as  much  as 
30%  with  integrated  management 
dashboards  that  link  critical  data 
from  infrastructure  monitoring 
software,  application  portfolio 
management  and  project  man¬ 
agement  tools. 

Creating  such  an  automated 
dashboard  is  a  priority  for  Arun 

See  Dashboard,  page  10 


The  industry's  one-stop  shop  for 
network  security  product  research. 

►  Prom  anti-spam  to  wireless  LAN  security,  we've  compiled 
detailed  information  on  hundreds  of  security  products  and 
services  on  the  market.  We've  categorized  each  product  into 
more  than  20  specific  security  market  segments,  so  you 
can  drill  down,  compare  and  contrast  products  in  only  the 
areas  you  need.  Vendors  can  update  product  information  or 
add  new  products  to  the  listing  anytime,  making  this  Buyer’s 
Guide  the  industry's  most  comprehensive,  up-to-date  map 
of  the  security  product  marketplace. 

www.nwdocfinder.com/4082 


Some  users  might  pay 
more,  but  flexibility 
seen  as  a  benefit. 

BY  PHIL  HOCHMUTH 

LAS  VEGAS  —  Cisco  last  week  said  it  was 
considering  unbundling  network  software 
from  its  current  hardware  platforms  —  a 
move  that  could  end  up  costing  users 
more  but  could  give  them  increased  flexi¬ 
bility  in  buying  and  configuring  the  com¬ 
pany’s  gear. 


Verizon  to  upgrade 
network,  services 


Getting 
to  the 
root  of 
rootkits 

Winternals' 

Mark  Russinovich,  who  blew  the 
whistle  on  the  Sony  CD  rootkit  last 
year,  speaks  out  on  how  bad  the 
rootkit  problem  is  and  what  you  can 
do  about  it.  Page  17. 


BY  JIM  DUFFY 

CARY  N.C. — Verizon  Business  is 
readying  major  changes  to  its  net¬ 
work  designed  to  result  in  a  faster, 
more  reliable  system  capable  of 
supporting  next-generation  ser¬ 
vices  for  enterprises,  such  as 
Ethernet, VoIP  and  IP-based  video- 
conferencing. 

This  summer,  the  former  MCI 


will  implement  pseudowires,  a 
technique  for  encapsulating 
frame  relay,  ATM  and  other  old 
data  access  circuits  in  Ethernet 
for  transmission  through  an 
IP/MPLS  core. This  should  reduce 
costs  for  enterprise  customers  as 
well  as  help  them  migrate  to 
Ethernet,  according  to  Fred 
Briggs,  executive  vice  president  of 
network  operations  and  technol¬ 
ogy.  Ethernet  generally  provides  a 
lower  cost  per  bit  than  traditional 
private  line  services,  and  consoli¬ 
dating  access  over  one  circuit 
should  lower  costs  as  well. 

“Ethernet  and  Layer  2  switching 
are  becoming  the  dominant  [ac¬ 
cess]  architecture,”  Briggs  said  last 
week  during  a  conference  with 
the  media  at  Verizon  Business’ 
global  network  management 
See  Verizon,  page  16 


SEE  OUR  AD  ON  PAGE  75 


ENTERPRISE  DATA  PROTECTION 


Cisco  floated  the  idea  of  decoupling  the 
sale  of  IOS  software,  network  hardware  and 
SMARTnet  maintenance  contracts  at  its 
Networkers  user  conference,  which  drew 
more  than  10,000  customers  to  the  Las 
Vegas  Convention  Center.  Though  not  pub¬ 
licly  announced,  the  software  evolution 
idea  comes  as  Cisco  looks  to  become 
more  of  a  software  and  applications  ven¬ 
dor.  It  already  has  sold  millions  of  licenses 
for  unified  communications,  network  man¬ 
agement  and  security  applications  and  has 

See  Cisco,  page  12 


Matt  vs. 
the  volcano 


How  does  a  Harvard 
professor  install  a  wireless 
network  amid  all  that  lava? 

BY  NEAL  WEINBERG 

Reventador,  located  in 
northern  Ecuador,  is  an 
active  volcano.  In  2002  it 
erupted  with  such  massive 
force  that  it  blanketed  Quito, 
Ecuador’s  capital  city  60  miles 
to  the  west,  with  a  layer  of  ash 
so  thick  the  airport  had  to 
shut  down. 

Today  it  blows  its  stack  with 
lesser  force  but  with  great  fre¬ 
quency.  And  just  as  storm 
chasers  want  to  be  where  the 
cows  are  flying  around,  volca¬ 
nologists  want  to  be  as  close 


as  they  can  get  to  1 1 ,500-foot 
peaks  that  spew  grapefruit¬ 
sized  molten  rocks  several 
times  a  day 

What  scientists  want  even 
more  than  taking  in  the  sights 
and  sounds,  however,  is  gather¬ 
ing  precise  records  of  seismic 
activity  and  studying  the  data, 
which  is  where  Matt  Welsh, 
assistant  professor  of  com¬ 
puter  science  at  Harvard 

See  Volcano,  page  14 
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(IF  THE  NEW  DUAL-CORE  INTEL®  XEON®  PROCESSOR  WERE  AN  ATHLETE 
WE'D  BE  LOOKING  AT  SOME  SERIOUS  ENDORSEMENT  DEALS.) 


INTRODUCING  THE  DUAL-CORE  INTEL®  XEON®  PROCESSOR  FOR  SERVERS. 

.  Up  to  80%  more  performance  per  watt  than  the  competition*  20  leading  performance  benchmarks. 
:  Ijp  to  60%  faster  with  significantly  lower  energy  consumption  than  the  competition.  All  that 
‘and  the  best  two-way  platform  for  virtualization.  Intel®  Core™  Microarchitecture.  It's  the  future. 

Ilearn  more  at  intel.com/xeon 
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(100%  MORE  HIGH-FIVES  IN  THE  SERVER  ROOM.) 


Up  to  60%  faster  with  significantly  lower  energy  consumption  than  the  competition.  All  that 
and  the  best  two-way  platform  for  virtualization.  Intel®  Core™  Microarchitecture.  It's  the  future. 
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»  Are  your  remote  and  branch  office  users  fightin’  mad  about  poor  application 

performance?  Don’t  get  frustrated,  get  Juniper  Networks’  award-winning  application 
acceleration  solutions  -  and  dramatically  improve  the  performance  of  your  web  site 
and  networked  apps.  Then  everyone  will  enjoy  a  dramatically  better  network  experience, 
while  you  improve  productivity  and  reduce  network  and  infrastructure  costs.  Visit 
www.juniper.net/freetrial  for  your  free  trial  and  customized  Network  Health  Report. 
Quick,  Juniper  your  net. 
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News 

8  Reaction  positive  to  changes  at  Novell. 

8  Three  IPS  products  pass  ICSA  Labs  test. 

8  MessageLabs  updates  hosted  Web  security. 

10  Altiris  integrates  application  virtualization  wares. 

15  Wi-fi  hacked  in  'digital  drive-by.' 

16  Intel  hopes  to  stem  AMD  Ode. 

17  One  man's  fight  against  rootkits. 

95  Symantec  plans  early-warning  system. 
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21  WAN  improvements  speed 
hospital  network. 

21  Inter-Tel  bolsters  Linux-based  IP 
PBX. 

22  Kevin  Tolly:  LAN  switches: 
What  Dell  did  right. 

22  IPv6  makes  itself  known  to 
U.3.  corporations. 
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27  Broker  banks  on  smart  phone 
application. 

27  VMware  acquires  start-up. 

29  Network  Appliance  enters  SMB 
storage  market  with  new  array. 

29  Platform  Computing  flexes  grid 
software. 

Application  Services 

31  Start-up  offers  event- 
processing  software. 

31  Quest  adds  directory  manage¬ 
ment  console,  SQL  tools. 

32  IBM  pushes  contract  mgmt. 

33  Scott  Bradner:  Are  VoIP  and 
CALEA  incompatible? 

NetWorker 

35  Telework  advocates  defend  work- 
at-home  plans. 

35  Barriers  remain  for  U.S. 
government  telecommuters. 


Service  Providers 

37  Providers  cast  wider  anti¬ 
phishing  network. 

37  Johna  Till  Johnson:  The  R&D 

funding  crisis. 

Technology  Update 

41  Protocol  measures  IP 
performance. 

41  Steve  Blass:  Ask  Dr.  Internet. 

42  Mark  Gibbs:  Real  tools  for  real 
geeks. 

42  Keith  Shaw:  Cool  tools,  gizmos 
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Opinions 

46  On  Technology:  Key  to 

innovation. 

47  Ira  Brodsky:  Steering  802.11n 
between  icebergs. 

47  Linda  Musthaler:  Skilled 
worker  shortage:  fact  or  fiction? 
96  BackSpin:  The  layers  of  network 
hell. 

96  'Net  Buzz:  Dot-com  cops  ICANN, 
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Management 

Strategies 

89  Storage  staffing  and  spend¬ 
ing:  ThelnfoPro  study  shows  backup 
chews  big  chunks  of  budget. 


COOL  TOOLS 

BlueConsole2  lets  you  con¬ 
nect  from  a  mobile  device  to 
manage  or  configure  any 
serial  device.  Page  42 


Advanced  managed 
services,  automated 
change  management,  ^ 
application  optimizatii  in, 
SOA  governance^ . 
read  all  about  the  hott  est 
management  toolsanfe  / 


I  I  IUI  lUCjvl  I  IUI  II  IOUIO  I  * 

strategies  in  our  late's  t 
New  Data  Center 
supplement,  fourth  in  a 
six-part  series. 

Our  special  coverage 
begins  after  page  60. 
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Forum:  Novell's  future 

With  Jack  Messman  out,  where  is 
the  company  headed?  Discuss  in 
our  Novell/Messman  forum. 

DocFinder:  4072 

ITVideo:  Fujitsu's  new  ultra-thin 
laptop 

Cool  Tools  Editor  Keith  Shaw  gets  a 
peek  at  Fujitsu's  new  “executive 
jewelry,"  the  ultra-thin  LifeBook 
Q2010,  from  special  guest  Paul 
Moore.  Plus,  see  the  T4210  tablet 
PC  with  360  degree  screen  swivel. 
DocFinder:  4074 


‘Mac  vs.  PC'  ads  miss  the  mark 

News  Editor  Paul  McNamara 
explains  why  those  new  Apple  ads 
are  insulting  the  very  people  they 
target. 

DocFinder:  4073 

Web-based  applications  and 
Firefox 

On  IT  Borderlands,  Columnist  Ken 
Fasimpaur  marvels  at  a  mqjor  online 
accounting  application  that  doesn't 
play  nice  with  Firefox. 

DocFinder:  4075 


Online  help  and  advice 


When  wireless  routers  keep  failing 

Help  desk  guru  Ron  Nutter  helps  a 
user  who  can't  seem  to  keep  the 
routers  working. 

DocFinder:  4076 

The  best  EAP  type  to  use  when 
setting  up  an  enterprise  WLAN 

Joshua  Wright  of  the  Wireless 
Vulnerabilities  and  Exploits  project, 
answers  the  question. 

DocFinder:  4077 

Why  the  digital  camera  is  bad 
news  for  storage 

Storage  newsletter  writer  Mike 
Karp  explains  the  connection 


between  the  two  —  it's  the  users' 
insatiable  need  for  storage  for  all 
those  photos.  DocFinder:  3951 

The  problem  with  production 
spreadsheets 

Security  newsletter  writer  M.E, 
Kabay  discusses  the  problems  that 
can  crop  up  with  these  seemingly 
straightforward  applications. 

DocFinder:  4078 

SMB  freebies  and  low-cost  tools 

Columnist  James  Gaskin  takes  a 
look  at  free  and  low-cost  applica¬ 
tions  and  services  that  can  prove 
useful.  DocFinder:  4079 


Seminars  and  events 


Clear  Choice  Test: 

Network  Monitoring.  Longitude  3.0  from 
Heroix  offers  agentless  monitoring.  Page  56. 

Sector  Spotlight: 

Online  banking.  Financial  firms  tap  multifactor  authentication 
to  give  customers  an  added  level  of  protection.  Page  59. 
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There  will  be  no  regular  issue  of  Hetwork  World  the  week  of 
July  3.  For  daily  updates  on  the  network  industry,  go  to  our 
Web  site  at  www.networkworld.com.  The  next  scheduled  print 
issue  will  be  July  10. 


Upcoming  VoIP  Technology  Tour  Hits  New  York 

The  VoIP  Payoff:  Convergence  &  Collaboration  —  Capitalizing 
on  the  New  Benefits  of  Real-time  Networks  is  coming  on 
June  29  to  New  York.  Experience  a  chain  reaction  of  benefits 
from  VoIP  to  unified  messaging,  wireless  VoIP,  real-time  Web, 
audio,  video  and  collaborative  applications.  Act  fast  and  qualify  now  at: 
DocFinder:  4080 
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Go  online  for  breaking  news  every  day.  DocFinder  1001 

Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  topics. 
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to  the  requested  information. 
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In-flight  'Net  service  may  be  grounded 


TheGoodTheBadTheUgly 


■  Published  reports  last  week  indicated  Boeing  may  soon  dump  its  in-flight 
Internet  venture  Connexion  because  the  service  hasn’t  generated  a  profit  in  six 
years.  Citing  people  familiar  with  the  situation,  The  Wall  Street  Journal  reported 
that  Boeing  has  inquired  with  a  number  of  commercial-satellite  operators  and 
other  potential  suitors  who  might  be  interested  in  buying  the  business  or  becom-  f 


<  A  fast  and  chilly  chip.  Researchers 
have  pushed  a  silicon-based  microprocessor  to  speeds  of 
500  GHz,  more  than  250  times  faster  than  a  typical 
commercial  chip  in  a  cell  phone.  A  team  of  scientists 
from  IBM  and  Georgia  Tech  used  liquid  helium  to  freeze 
their  microprocessor  to  minus  451  degrees  Fahrenheit, 
making  sure  the  chip  wouldn't  melt  when  cranked  up  to  a 
high  speed. 


ing  a  major  partner.  If  Boeing  can’t  find  a  suitable  buyer  or  partner,  the  services 
could  end.  Connexion  enables  passengers  to  have  high-speed  Internet  hookups,  via 
satellite,  in-flight  at  a  cost  of  $10  to  $27.  Boeing  said  it  was  evaluating  the  long-term 
business  model  for  Connexion  to  assess  what’s  best  for  both  the  business  and  its 
customers.  Published  reports  say  the  lack  of  business  is  largely  caused  by  disinterest 


Bare  facts  about  World  Cup.  Soccer  purists  can 
breathe  a  sigh  of  relief:  There  is  no  Naked  World  Cup.  IT  professionals, 
on  the  other  hand,  may  want  to  be  a  little  more  vigilant,  as  a  new 
e-mail  worm  is  on  the  loose  that  preys  on  the  intense  worldwide  inter¬ 
est  in  the  international  sporting  event.  Victims  receive  messages  with 
subjects  such  as  "Naked  World  Cup  game  set,"  or  “Soccer  fans  killed 
five  teens,"  and  are  encouraged  to  click  on  an  e-mail  attachment, 
which  appears  to  be  an  image. 


from  U.S.  airlines  in  outfitting  their  fleets  with  the  system.  International  carriers, 
including  Lufthansa,  Japan  Airlines  and  Singapore  Airlines,  offer  the  service. 


Nortel  names  Roese  its  new  CTO 

■  Nortel  last  week  named  industry  veteran  John 
Roese  as  its  CTO.  Roese  will  be  responsible  for  the 
company’s  overall  R&D  strategy  and  execution, 
directing  future  research  across  all  products.  In 
addition,  he  will  work  with  Chief  Strategy  Officer 
George  Riedel  on  emerging  technologies,  market 
opportunities  and  strategic  partnerships.  Roese  is 
the  final  appointment  to  CEO  Mike  Zafirovski’s 
senior  leadership  team,  which  Zafirovski  began 
building  shortly  after  he  was  named  CEO  last  year. 
Roese  has  almost  two  decades  of  experience  in 
networking  and  security,  VolR  wireless  technology 
and  machine-to-machine  communications.  In 
addition,  Roese  is  the  inventor  on  16  granted  and 
pending  patents  in  the  area  of  policy  manage¬ 
ment,  location-based  networking  and  other  areas 
of  communications.  Roese  comes  to  Nortel  from 
Broadcom,  where  he  was  vice  president  and  CTO 
for  network  technologies  with  a  focus  on  unified 
communications. 

FTC  admits  to  missing  laptop 

n  The  U.S.  Federal  Trade  Commission  is  notifying  1 10 
people  that  two  laptop  computers  containing  their 
personal  data  were  stolen  from  a  locked  vehicle. The 


{quote  o 

quote  o 

quote  o 


the  wee 

e  wee 

ne  wee 


th 

t 


“The  bottom  line  is,  don’t  trust 
your  ability  to  clean  your 
machine  of  a  rootkit.  You've  got 
to  assume  the  worst.” 

Mark  Russinovich,  founder  of  software  vendor  Winternals  and 
discoverer  of  the  Sony  BMG  rootkit. 

See  story  on  page  17 


information  includes  individuals’  names,  addresses, 
Social  Security  numbers,  birth  dates  and  “in  some 
cases,  financial  account  numbers,”  the  regulatory 
agency  said  last  week.  The  laptops  are  password  pro¬ 
tected,  and  the  FTC  said  it  had  no  reason  to  think  the 
data  on  the  laptops,  rather  than  the  laptops  them¬ 
selves,  was  the  target  of  theft.  Those  affected  include 
defendants  in  current  and  past  FTC  cases.The  agency 
was  sending  letters  to  them  with  information  about 
how  to  limit  their  risk  of  identity  theft  and  offering  a 
year  of  free  credit  monitoring.  It’s  the  latest  case 


“How  techie  geeks  play  Rock 
Paper  Scissors.  ” 


Brian  Mueller  of  New  York  is  the  winner  of 
our  latest  Weekly  Caption  Contest  Come  back 
every  Monday  for  the  start  of  a  new  round 
and  your  chance  to  win. 
www.networkworld.com/weblogs/layer8 


Verizon  VS.  Vonage.  Vonage  last  week  said  it  has  been 
served  with  a  lawsuit  from  Verizon  alleging  infringement  of  certain 
patents  relating  to  VoIP  technology.  Vonage  says  it  believes  that  its 
services  have  been  developed  with  its  own  proprietary  technology  and 
technology  licensed  from  third  parties,  and  intends  to  defend  the  law¬ 
suit  vigorously. 


where  sensitive  information  has  been  lost  on  govern¬ 
ment  computers.  In  May,  the  U.S.  Department  of 
Veterans  Affairs  said  personal  data  for  26.5  million 
veterans  may  have  been  compromised  after  a  break- 
in  at  an  analyst’s  home. 

EMC  to  invest  in  China,  India 

■  EMC  last  week  announced  it  will  open  a  soft¬ 
ware  development  center  in  Shanghai  and  invest 
$500  million  in  China  over  the  next  five  years. The 
center  is  part  of  EMC’s  $1.2  billion  investment  in 
global  R&D,  although  the  company  didn’t  specify 
the  cost  of  the  Shanghai  facility. The  software  cen¬ 
ter  will  employ  100  people  by  year-end,  and  500 
people  by  2008,  EMC  said.  The  storage  vendor  is 
hedging  its  offshoring  bets  in  Asia.  Earlier  last 
week  it  announced  a  similar  investment  in  India 
of  $500  million  by  2010,  and  said  it  would  double 
its  staff  there  to  1,600  during  the  same  period. 
While  India  has  been  the  primary  choice  for  soft¬ 
ware  development  offshoring  in  Asia,  a  talent 
shortage  and  rising  costs  have  driven  many  com¬ 
panies  to  look  elsewhere.  Even  Indian  companies 
now  send  contract  work  to  other  Asian  nations, 
including  China  and  Vietnam. 

A  computer  500  times  faster? 

■  European  researchers  are  working  to  develop  sil¬ 
icon  chips  that  forgo  wires  for  carrying  electric  cur¬ 
rents,  an  advance  they  say  could  lead  to  computers 
that  run  as  much  as  500  times  faster  than  today’s 
models.  The  nanotechnology  being  used,  dubbed 
inverse  electron  spin  resonance,  relies  on  firing 
electrons  into  magnetic  fields  produced  in  tiny 
semiconductors. 


Is  your  network  fully  protected? 

(Or  have  you  been  extremely  lucky?) 


•  Delivers  comprehensive  and  centralized  management 

•  Enables  organizations  to  proactively 
block  known  and  unknown  attacks 

•  Increases  efficiency  through  centralized 
deployment,  configuration  and  strict 
monitoring  of  your  enterprise-wide 
security  posture  through  the  easy-to-use 
console  interface 

•  Includes  host  intrusion  prevention, 
antispyware,  antispam,  antiphishing, 
antivirus  and  firewall 
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beyond,  we  have  a  wide  variety  of  the  top  names  in  the  industry.  And  we  have  the  expertise  to  answer  questions, 
offer  advice  and  build  solutions  that  will  help  hold  up  to  the  worst  threats  out  there.  So  call  today  and  get  the 
total  protection  you  need. 
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•  Provides  effective,  high-performance  and 
easy-to-use  inbound  and  outbound 
email  threat  protection 

•  Robust  policy  management,  attachment 
scanning,  dictionaries,  and  approval  boxes 

•  Offers  breakthrough  message  analysis  and 
message  delivery  rates 

•  Ensures  simple  configuration,  easy 
customization  and  automated  maintenance 


Call  CDW  973120 


The  Right  Technology.  Right  Away.  * 

CDW.com  •  800.399.4CDW 
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•  Simplified  management,  reduces  administration  time 
and  costs  associated  with  managing  threats 

•  Prevents  losses  due  to  confidential  information 
leakage  due  to  malware,  spyware,  etc. 

•  Averts  productivity  losses  from  wasteful  or 
unauthorized  use  of  Internet  resources 

•  Improves  PC  performance  by  keeping  PCs 
clean  and  running  efficiently 

•  Streamlines  security  management  enabling 
IT  to  focus  on  strategic  business  initiatives 

•  Lowers  total  cost  of  ownership 
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Reaction  positive  to  changes  at  Novell 


BY  DENI  CONNOR 

Novell’s  announcement  last 
week  that  it  had  ousted  CEO  Jack 
Messman  and  replaced  him  with 
President  Ron  Hovsepian  was 
greeted  positively  by  NetWare 
users  and  industry  analysts,  who 
say  they  hope  the  changes  will 
lead  to  Novell’s  resurgence  in  the 
operating  system  and  identity- 
management  markets. 

The  changes  are  effective  imme¬ 
diately,  although  Messman,  who 
had  served  as  CEO  since  2001 ,  will 
remain  on  Novell’s  board  until  the 
end  of  October.  Novell  CFO  Joe 
Tibbits  will  be  replaced  by  Dana 
Russell,  the  company’s  current 
vice  president  of  finance  and  cor¬ 
porate  controller,  until  a  new  CFO 
can  be  found. 

“The  board  concluded  that  a 


management  change  would  be 
the  best  way  to  accelerate  the 
execution  of  our  growth  strategy 
and  build  value  for  shareholders,” 
says  Thomas  Plaskett,  a  Novell 
director  and  new  chairman  of  the 
board. 

Since  Messman  succeeded  for¬ 
mer  CEO  Eric  Schmidt,  the  com¬ 
pany  has  suffered  from  shrinking 
sales  of  its  flagship  NetWare  oper¬ 
ating  system.  Novell  has  sustained 
continued  revenue  losses  in  the 
past  few  years.  In  the  most  recent 
quarter,  Novell  reported  earnings 
of  $3.3  million  on  revenue  of 
$278.3  million,  which  was  down 
from  $297  million  a  year  ago.  The 
combined  revenues  from  Open 
Enterprise  Server  and  NetWare 
declined  in  the  past  year  by  16%. 

Novell  attempted  to  bolster  its 


operating  revenue  with  the  acqui¬ 
sition  of  SuSE  and  a  restructuring 
of  the  company  to  one  based 
on  the  popular  open  source 
software.  Its  attempts  to  shift  its 
NetWare  user  base  to  Linux  have 
been  partially  successful,  says 
Bruce  McLeod,  a  NetWare  user 
and  system  architect  for  the 
California  Highway  Patrol. 

“Change  is  good,”  McLeod  says. 
“Messman  was  more  of  a  busi¬ 
ness  leader  than  a  technology 
leader.  Granted,  Novell  needs 
both,  but  Hovsepian  may  be  able 
to  better  articulate  the  strengths 
of  the  company’s  current  direc¬ 
tion.”  McLeod  is  moving  his  Net¬ 
Ware  application  servers  to 
Novell’s  SuSE  Linux,  but  has  a  lot 
of  work  left  to  do  with  the  file 
and  print  servers. 


Three  IPS  products  pass 
security  evaluation  tests 


Passing  the  test 

Of  10  vendors'  products  tested  in  ICSA  Labs’  intrusion- 
prevention  system  evaluation,  only  three  attained  the  required 
performance  and  accuracy  goals: 


Product 

Maximum  average  one-way  latency 

BroadWeb's  NetKeeper  3256P  (100Mbps) 

441  millisec  (1,500  allowed) 

Internet  Security  Systems'  Proventia  G400 
(350Mbps) 

398  millisec  (1,430  allowed) 

3Com’s  TippingPoint  5000E  (3Gbps) 

84  microsec  (398  allowed) 

BY  ELLEN  MESSMER 

ICSA  Labs’  first  tests  evaluating 
intrusion-prevention  systems 
have  yielded  just  three  that  made 
the  grade  out  of  10  submitted  for 
review. 

According  to  the  results  an¬ 
nounced  last  week,  the  three  IPS 
products  that  passed  were  Net- 
Keeper  from  BroadWeb,  one  Pro- 
ventia  model  from  Internet  Secur¬ 
ity  Systems  and  3Com’s  Tipping- 
Point  appliance.  Jack  Walsh,  ICSA 
Labs  program  manager,  said  the 
rest  of  the  products  —  which  he 
left  unnamed  under  the  lab’s  policy  but  which  he 
indicated  were  from  major  vendors  —  weren’t  able 
to  detect  100%  of  the  challenges  thrown  at  them  in 
the  lab  setting. 

“They  had  to  get  all  the  attacks  targeting  the  IPS,” 
Walsh  says.  “They  were  allowed  to  correct  for  initial 
failure  and  had  three  days  to  fix  it.” 

ICSA  Labs,  a  division  of  Cybertrust,  has  evaluated 
anti-virus  products  and  firewalls  in  the  past. The  IPS 
tests,  which  began  last  November,  marked  the  first 
time  the  test  lab  evaluated  such  equipment,  which  is 
supposed  to  detect  and  block  attacks  and  malware. 
The  goal  was  to  evaluate  how  well  the  10  IPSs  did 
when  subjected  to  a  battery  of  probes. 

Network  World  also  is  underway  with  testing  half  a 
dozen  IPS  products,  with  results  to  be  released  in 
late  summer. 

At  ICSA  Labs,  the  IPS  equipment  had  to  detect  219 
attacks  on  application  and  operating  system  vulner¬ 
abilities,  plus  recognize  and  defend  against  SYN 


floods  and  other  denial-of-service  attacks. 

The  attack  traffic  was  mixed  in  with  thousands 
of  gigabits  of  legitimate  traffic  that  ICSA  Labs  had 
obtained  from  Cybertrust  business  customers  that 
volunteered  large  traffic  streams  for  this  purpose. 

“It’s  an  intelligent  replay  of  the  gigabits  of  traffic 
that  Cybertrust  corporate  customers  volun¬ 
teered,”  Walsh  says.  ICSA  Labs  used  a  mix  of  tools, 
including  the  Tomahawk  open  source  IPS  testing 
tool,  Core  Impact’s  penetration-test  suite  and  in- 
house  scripts. 

During  the  evaluation,  the  IPS  products  didn’t 
have  to  be  identical  in  speed,  but  they  did  have  to 
meet  acceptable  latency  guidelines. 

The  three  products  that  made  it  through  the  tests 
gain  recognition  under  the  ICSA  Labs  certification 
program.  Walsh  says  ICSA  Labs  will  continue  doing 
IPS  testing.  Another  laboratory-based  organization 
that  tests  IPS  products  is  the  United  Kingdom’s 
NSS  Group.  ■ 


“The  biggest  contribution  Jack 
Messman  made  to  Novell  was 
acquiring  SuSE  Linux,”  says  Brad 
Staupp,  senior  support  analyst  for 
Johnson  County  Community 
College  in  Overland  Park,  Kan. 

There  are  some  who  disagree 
with  giving  Messman  credit  for 
acquiring  SuSE  and  for  its  Linux 
direction. 

“Getting  rid  of  Messman  is  a 
good  move,”  says  Ray  Osburn,  net¬ 
work  support  consultant  for  Utah 
Valley  Regional  Medical  Center  in 
Provo.  “Messman  may  take  the 
credit  of  moving  Novell  towards 
the  open  source  market,  but  there 
were  a  lot  of  good  employees  be¬ 
hind  that  decision.” 

Staupp,  too,  is  in  favor  of 
Hovsepian  taking  over  the  reins  at 
the  struggling  software  company 

“I  was  very  encouraged  by 
Hovsepian,”  Staupp  says.  “[His] 
keynote  speech  at  BrainShare  was 
about  the  free  market  and  the 
ability  to  have  the  freedom  to 
choose  your  systems  and  not  get 
locked  into  one  system.  He  has  a 
good  understanding  what  Novell 
needs  to  do  to  be  successful  in 


the  IT  world.” 

Gary  Hein,  a  Burton  Group  ana¬ 
lyst  formerly  employed  in  the 
CTO’s  office  at  Novell,  says 
Hovsepian  has  the  support  and 
encouragement  of  current  Novell 
employees. 

“It’s  a  good  move  for  Novell  — 
Jack  has  had  many  years  to 
prove  himself  in  the  role,  and 
things  were  not  coming  around,” 
Hein  says.  “Both  customers  and 
employees  are  very  encouraged 
to  work  with  Hovsepian.  Ron 
and  his  team  still  need  to  prove 
to  customers  why  Novell  is  rele¬ 
vant  and  why  they  should  stick 
with  Novell.” 

Further,  Hovsepian  needs  to 
prove  he  can  execute  on  Novell’s 
strategy  to  become  recognized  in 
identity  management,  Linux  and 
systems  management.  ■ 


I  What  do  you  think  about  the 
ouster  of  Jack  Messman? 
Enter  your  comments  in  our 
online  forum  at 
www.nwdocfinder.com/4081. 


MessageLabs 
updates  hosted 
Web  security 

BY  CARA  GARRETSON 

MessageLabs  this  week  is  expected  to  announce  an  upgrade  to  its 
Web  security  service  offering  greater  threat  protection  and  integration 
with  its  e-mail  and  instant-messaging  products. 

The  company  will  stop  reselling  ScanSafe’s  Web  security  services  in 
favor  of  developing  and  selling  its  own  version  that  protects  clients 
from  viruses,  spyware  and  other  malware  distributed  by  Web  sites, 
says  Brian  Czarny,  vice  president  of  product  management  with 
MessageLabs.The  company  last  October  announced  its  Web  security 
offering  (MessageLabs  Web  Security  Services),  which  was  based  on 
ScanSafe’s  service,  and  plans  to  release  a  homegrown  version  next 
month. 

MessageLabs  says  it  can  offer 
greater  protection  from  blended 
threats  —  those  occurring  across 
multiple  communications  chan¬ 
nels,  such  as  IM,  e-mail  and  Web 
—  by  maintaining  all  these  ser¬ 
vices  in-house,  amassing  informa¬ 
tion  about  such  threats  and  pro¬ 
tecting  customers  at  all  levels, 

Czarny  says. 

See  MessageLabs,  page  15 


nww.com 

Guide  to  secure  messaging 

Research  products  that  enable  secure 
messaging.  Check  out  our  online 
Buyer's  Guide. 

www.nwdocfinder.com/4048 


Where  Can  You  Turn  for 
a  Total  Solution? 

As  a  total  solutions  provider,  NEC 
understands  the  complexities  today’s 
converged  networks  can  present  to  your 
business.  With  our  proven  experience, 
we  know  what  it  takes  to  help  you  avoid 
traveling  in  the  wrong  direction. 

NEC  delivers  the  most  choices  of  IP 
communications  platforms  to  meet  the 
unique  needs  of  your  business.  Add  to 
that  a  strong  portfolio  of  applications  and 
services,  and  before  you  know  it,  your 
business  is  traveling  in  the  direction  of 
improved  customer  experience,  enhanced 
employee  productivity,  increased  revenue 
generation  and  maximum 
return  on  investment. 


Why  go  in  different  directions  when  you  can 
focus  on  a  Total  Solution?  Turn  to  NEC! 


www.necunified.com/ip 
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IT  users  and  analysts  share  advice  for  crafting  useful,  reliable 

dashboard  displays. 

•  Don't  get  complacent,  It's  important  to  not  become  over-reliant  on  a  dashboard, 
"assuming  that  because  the  stoplight  image  is  green,  everything  is  OK,"  says  James 
Kritcher,  vice  president  of  IT  at  White  Electronic  Designs  in  Phoenix. 

•  Consider  linking  dashboards  together.  An  IT-specific  dashboard  might  feed  into  an 
executive  dashboard  that  tracks  IT's  support  records  and  service-level  agreement 
(SLA)  performance,  for  example.  "You  can't  just  look  at  performance  in  isolation, 
you  have  to  look  at  it  in  terms  of  how  you're  delivering  a  service  to  your  end  user, "says 
Bill  Gassman,  a  research  director  at  Gartner. 

•  Customize  dashboards  to  specific  users.  Junior  IT  staff  can  track  network  availability, 
server  health  and  application  response  time,  for  example,  while  more  senior  IT 
managers  can  check  on  IT  projects  or  SLAs,  says  Arun  DeSouza,  chief  information 
security  officer  at  Inergy  Automotive  Systems  in  Troy,  Mich.  "It  would  be  good  to 
see  that  99%  of  IT  projects  are  on  schedule  and  that  we  are  hitting  our  SLAs." 

•  Limit  dashboard  metrics  to  five  or  so  to  avoid  becoming  overwhelmed  with  data  and 
lessening  the  relevance  of  the  dashboard,  Gassman  says. 

•  Be  prepared  to  reevaluate  and  revise  metrics  —  but  not  too  often.  "You  have  to 
do  it  in  a  way  that  you're  not  jerking  people  around.  People  don't  like  to  be  measured 
on  one  thing,  then  six  months  later  measured  on  something  else,  then  another  thing," 
Gassman  says. 


Dashboard 

continued  from  page  1 

DeSouza,  chief  information  secu¬ 
rity  officer  at  Inergy  Automotive 
Systems  in  Troy,  Mich.  DeSouza 
recently  gained  an  additional 
title  —  manager  of  global  service 
assurance  —  that  requires  he  bet¬ 
ter  track  IT  service  levels. 

“It  is  really  important  for  an  IT 
department  to  measure  what  you 
deliver  and  to  show  improve¬ 
ments  in  services  over  time,” 
DeSouza  says.  “Even  if  the  busi¬ 
ness  units  don’t  completely 
understand  the  technologies 
underneath  what  you  are  mea¬ 
suring,  they  appreciate  the  mea¬ 
sure  of  IT  performance.” 

As  IT  executives  make  an  effort 
to  run  their  departments  more 
like  a  business  than  a  cost  center, 
they  need  information  that  helps 
qualify  the  business  conse¬ 
quences  of  events  such  as  appli- 


Productivity  payoff 

Forrester  Research  says  hav¬ 
ing  a  consolidated  view  of  the 
IT  project  pipeline  via  an  inte¬ 
grated  dashboard  can  save 
companies 

20%  to  45% 

in  costs. 


cation  latency  and  server  down- 
time.“!T  is  starting  to  think  about 
the  metrics  that  tell  us  if  our  busi¬ 
ness  is  running  well,”  says  Bill 
Gassman,  a  research  director  at 
Gartner. 

To  get  there,  IT  is  migrating  from 
static  dashboards  that  have  had 
to  be  updated  manually  to  auto¬ 
mated  systems  that  draw  data 
more  frequently  and  from  a 
wider  range  of  sources.  Some  sys¬ 
tems  are  homegrown,  others  are 
packaged  offerings  from  vendors 
such  as  BMC  Software,  CA,  Cog- 
nos,  Hyperion,  HP  and  IBM. 

At  the  same  time,  the  trend 
toward  more  advanced  business 
monitoring  is  spurring  new  part¬ 
nerships  among  systems  man¬ 
agement  and  business  intelli¬ 
gence  vendors.  HP’s  Decision- 
Center  software  —  a  product 
announced  last  week  that  helps 
IT  managers  plan  IT  capacity 
and  projects  with  business  per¬ 
formance  in  mind  —  is  integrat¬ 
ed  with  Business  Objects,  for 
example. 

DeSouza  is  among  IT  users 
making  the  switch  from  static,  in¬ 


house  developed  dashboards  to 
an  “automated  super-dashboard” 
that  he  expects  will  help  his 
department  change  its  service 
delivery  approach  to  better  sup¬ 
port  the  business. 

“We  used  to  focus  mostly  on 
measuring  the  network  metrics. 
Now  we  track  more  financial 
indicators,  and  we  still  want  to 
do  a  measure  of  customer  satis¬ 
faction  with  key  projects,  as  well 
as  help  desk  response  time  and 
speed  of  resolution,”  DeSouza 
says. 

Billboard  style 

One  of  the  biggest  challenges 
for  users  is  identifying  the  appro¬ 
priate  metrics  to  track.  A  big  rea¬ 
son  dashboard  projects  fail  is  too 
much  information, Gassman  says. 
If  a  dashboard  has  more  than  five 
metrics,  experiment  to  see  which 
metrics  really  affect  perfor¬ 
mance.  “Everything  else  you 
should  start  whittling  away 
because  it  just  becomes  a  dis¬ 
traction,”  he  says. 

Equally  important  is  not  be¬ 
coming  over-reliant  on  a  dash¬ 
board  and  assuming  that 
because  a  graphical  indicator 
isn’t  flashing  a  warning  sign, 
everything  is  OK,  says  James 
Kritcher,  vice  president  of  IT  at 
White  Electronic  Designs  in 
Phoenix.  He  keeps  tabs  on  multi¬ 
ple  special-purpose  dashboards 
that  track  help  desk  statistics,  sys¬ 
tem  availability,  project  portfolios 
and  service-level  agreement 
compliance. 

“It’s  important  to  understand 
the  data  behind  the  dashboard 
—  the  data  source,  how  the  data 
is  rolled  up  from  multiple  sites, 
how  often  the  data  is  refreshed,” 
Kritcher  adds. 

Having  a  handle  on  that  can 
help  ensure  executives  don’t 
react  too  quickly  to  what  may  be 
negative  results  in  their  dash¬ 
board  and  wreak  havoc  on  IT 
processes  or  technologies.  “We 
are  using  cross-checked  metrics 
from  different  sources  to  ensure 
that  the  metrics  are  not  showing 
false  positive,”  says  Jean-Philippe 
Draye,  a  system  architect  manag¬ 
er  at  Avaya  in  Belgium. 

His  dashboard  tracks  condi¬ 
tions  such  as  application  avail¬ 
ability  and  response  time,  as  well 
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as  ongoing  performance  metrics 
such  as  the  percentage  of  sup¬ 
port  requests  solved  on  the  first 
call.  It’s  all  on  display  on  a  big 
plasma  screen  for  IT  managers  to 
view,  including  a  ticker  that  runs 
across  the  bottom  highlighting 
current  outages. 

Michael  Nix’s  dashboard  tracks 
similar  metrics,  but  via  a  Web 
interface  rather  than  a  plasma 
screen.  He  checks  the  dashboard 
every  morning  and  staff  mem¬ 
bers  monitor  it  throughout  the 
day.  In  addition,  Nix  has  extended 
the  dashboard  to  users  outside 
the  IT  department. 

“We  have  a  dashboard  for  three 
other  departments  that  are  heavy 
IT  service  users,”  says  Nix,  who  is 
assistant  director  of  IT  services 
and  communications  technolo¬ 
gies  at  the  Kansas  University 
Hospital  Authority  in  Kansas  City, 
Kan.  For  these  users,  the  dash¬ 
board  view  is  tailored  to  display 
each  department’s  relevant  appli¬ 
cations  and  network  segments. 
Looking  ahead,  Nix  plans  to  cre¬ 
ate  similar  dashboards  for  the 
company’s  remaining  depart¬ 
ment  directors. 

Some  IT  staff  raised  questions 
about  giving  other  departments 
tools  to  track  IT  performance,  Nix 
says.“My  response  was  if  we  have 
something  to  be  ashamed  about 
in  that  regards,  we  need  to  work 
harder;”  he  says.  “I  consider  it  a 
failing  on  our  part  if  we  are  not 
already  working  on  an  issue 
before  it  comes  to  their  attention 
because  of  the  dashboard.” 

Legwork  required 

Building  a  dashboard  doesn’t 


have  to  be  an  expensive  project. 
Just  ask  Craig  Bush,  who  runs  a 
custom  dashboard  he  built  using 
open  source  tools  on  a  Linux 
workstation. 

He  uses  RRDTool  for  the  back¬ 
end  storage  database  and  MRTG 
as  the  front-end  graphing  data¬ 
base.  For  display  graphics,  Bush 
uses  a  Web  application  called 
Routers2.cgi. 

“All  open  source,  all  free,”  says 
Bush,  a  network  administrator  at 
orthopedic  and  medical  device 
provider  Exactech  in  Gaines¬ 
ville,  Fla. 

“It  doesn’t  have  the  bells  and 
whistles  of  some  of  the  commer¬ 
cial  offerings,  but  I  can  do  pretty 


much  anything  they  can  do  if  I 
set  my  mind  to  it,”  he  says. 

While  it  may  sound  simple, 
Gassman  cautions  IT  not  to 
embark  on  a  dashboard  project 
lightly  IT  needs  to  know  the  data 
is  clean,  secure  and  up-to-date, 
and  systems  need  to  be  well  inte¬ 
grated  before  attempting  to  build 
a  dashboard,  he  says. 

Once  that  foundation  is  in 
place,  it  is  easy  to  pull  together  a 
dashboard,  he  says.  “But  for 
organizations  that  don’t  have 
that  maturity  level,  to  jump  into 
dashboards  just  because  some 
executive  says  he  wants  one  . . . 
is  just  going  to  cause  them 
headaches.”  ■ 


Altiris  integrates  application 
virtualization  wares 


BY  JOHN  FONTANA 

Software  management  and  virtualization  vendor 
Altiris  last  week  released  software  to  help  corpora¬ 
tions  ease  rollouts  of  virtualized  applications  and 
manage  desktops  better. 

Wise  Package  Studio  7.0  is  software  for  turning  an 
.msi  application  installation  file  into  a  form  that  can 
be  executed  in  a  virtualized  environment  on  a  desk¬ 
top  PC. 

The  Wise  software  has  been  integrated  with  Altiris’ 
Software  Virtualization  Solution  (SVS),a  client  agent 
that  adds  virtualization  capabilities  to  desktops.  SVS 
isolates  such  things  as  an  application’s  files  and  reg¬ 
istry  settings  from  the  underlying  operating  system 
even  as  the  application  runs  normally  Earlier  this 
month,  Altiris  released  an  upgrade  to  SVS  to  support 


the  integration  with  Wise. 

“Where  Wise  7  comes  into  play  for  us  is  that  we  can 
take  the  100  applications  we  have  spent  two  years 
packaging  and  standardizing,  and  bring  them  into 
Wise  and  see  how  quickly  we  can  turn  those  pack¬ 
ages  over  to  virtualized  applications,”  says  Matt 
Giblin,  senior  desktop  engineer  for  Mercy  Health 
Systems  in  Baltimore. “Once  we  do  that,  we  can  say 
we  have  virtualized  our  desktops.” 

Giblin  says  virtualization  provides  a  clean  way  to 
manage  and  upgrade  desktops  because  he  avoids 
application  conflicts  over  shared  document  link 
libraries,  doesn’t  require  uninstall  scripts  to  remove 
applications,  quickly  rolls  back  damaged  applica¬ 
tions  to  a  known  stable  state  and  upgrades  applica- 

See  Altiris,  page  14 
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Cisco 

continued  from  page  1 

an  eye  on  more  advanced  soft¬ 
ware  areas  such  as  telepresence. 

“We  have  to  evolve  our  software 
strategy”  said  Cisco  CEO  and 
Chairman  John  Chambers  during 
a  session  with  journalists  at  the 
show.  “We  tend  to  lump  software 
into  maintenance.  So  often  peo¬ 
ple  get  the  difference  between 
maintenance  and  software 
upgrades  [confused]  when  in  fact 
they  are  in  the  same  category’ 

Chambers  was  referring  to 
Cisco’s  practice  of  bundling 
router  and  switch  software  with 
ongoing  maintenance  contracts 
on  the  equipment,  which  usually 
is  required  to  receive  updated, 
licensed  IOS  software.  By  break¬ 
ing  software  out  as  a  separate 
item,  Chambers  said,  Cisco  could 
give  customers  a  clearer  idea  of 
what  software  they’re  buying  and 
more  options  for  mixing  services 
with  hardware  and  software.  How 
this  change  would  affect  costs  for 
users  remains  a  question. 

“What  we  have  to  think  about 
over  the  next  five  years  [is]  how 
our  software  strategy  will  evolve 
...  on  how  we  charge  customers 
for  traditional  software,  to  where 
we  move  to  new,  collaborative 
applications  or  new  security  ser¬ 
vices  or  management,”  he  said. 

Without  going  into  details  or 
timetables,  Chambers  indicated 
corporate  users  might  see  gradual 
changes  during  the  next  few  years 
toward  a  more  common  model 
for  buying  software . 

“More  than  half  of  our  engineers 
are  software  engineers,  yet  we  sell 
[software]  like  a  hardware  prod¬ 
uct.  Whereas  all  the  major  soft¬ 
ware  companies  in  the  world 
charge  major  amounts  for 
upgrades  and  regular  things  and 
customers  don’t  even  blink  about 
that  in  terms  of  the  upgrades,” 
Chambers  said. 

While  not  publicly  announced 
at  Networkers,  the  idea  of  break¬ 
ing  out  network  services  and 
support  from  software  and  hard¬ 
ware  drew  mixed  responses 
from  attendees. 

“I’d  like  to  have  the  choice  both 
ways”  —  to  combine  software 
with  maintenance  and  hardware 
or  to  separate  them,  said  Bruce 
Pulitzer,  corporate  network  con¬ 
sultant  for  Goodyear  Tire  and 
Rubber  Company  in  Akron, 
Ohio,  who  manages  hundreds  of 
Cisco  routers  across  the  compa¬ 
ny’s  WAN.“ln  some  sites,  I’d  like  to 


just  stick  something  in  and  let  it 
run  forever,”  he  said.  “In  other 
sites,  I  want  to  be  on  the  leading 
edge,  and  I  need  to  deploy  new 
features  constantly” 

With  Cisco’s  current  model,  any 
device  that  gets  a  licensed,  sup¬ 
ported  IOS  version  includes  a 
slew  of  services  and  support 
extras  that  may  not  be  necessary, 
Pulitzer  said.“I  may  not  [want]  to 
buy  a  whole  line  of  services  just  to 
have  IOS,”  he  said. 


One  industry  observer  said  a 
shift  in  Cisco’s  hardware-software 
model  could  benefit  both  cus¬ 
tomers  and  the  vendor. 

“Cisco  is  right,  and  they  need 
to”  evolve  their  software  model, 
said  Robert  Whiteley,  senior  ana¬ 
lyst  with  Forrester  Research.  He 
said  the  ubiquity  of  IOS,  the 
myriad  features  it  supports,  and 
the  fact  the  software  is  basically 
thrown  in  for  free  when  users 
buy  routers  with  support  con¬ 
tracts  all  add  up  to  a  sometimes 
confusing  pricing  model. 

“There  is  a  lot  of  value  locked  up 
in  [IOS],”  Whiteley  said.  “I  don’t 
want  to  say  it’s  money  on  the  table 
[for  Cisco],  but  as  network  prod¬ 
ucts  become  more  intelligent, that 
means  IOS  becomes  a  more  valu¬ 
able  asset.  So  decoupling  that 
makes  sense  for  Cisco.” 

According  to  Cisco’s  pricing 
model,  Whiteley  said,  although 
IOS  is  basically  free  as  part  of  the 
router  cost,  users  pay  12%  to  15% 
of  the  cost  of  the  hardware  on  an 
annual  basis  for  a  SMARTnet  sup¬ 
port  contract,  which  provides  sup¬ 
port,  equipment  replacement, soft¬ 
ware  bug  fixes  and  upgrades.  “If 
you  don’t  get  SMARTnet,  you’re 
kind  of  in  trouble.  It’s  buyer- 
beware,”  he  said,  because  the 
device  is  not  covered  by  software 
updates  and  bug  fixes. 

Changing  IOS  pricing  could  also 
help  users  in  the  long  run. 
“Although  people  hate  paying  for 
SMARTnet,  Cisco’s  customer  sup¬ 
port  and  support  model  often  gets 
kudos,  and  it’s  the  reason  why 
people  pay  Cisco’s  premium.  If 
you  have  something  high-value 
that  people  love,  yet  they  hate  pay¬ 


ing  for  it, you’ve  got  a  broken  pric¬ 
ing  model,”  Whiteley  said.  “The 
problem  is,  how  do  you  do  it? 
How  do  you  change  the  way  that 
many  customers  buy”  IOS,  routers 
and  support  contracts,  he  asked. 

Others  said  the  current  model 
has  benefits  and  drawbacks. 

“If  I  were  to  say  something  is  a 
little  high  in  price,  I’d  say  it’s 
Cisco’s  annual  maintenance  — 
and  I  only  say  that  because  I  hear 
about  that  from  [my  boss],” said 


Jon  Campbell, director  of  network 
services  at  FirstHealth  of  the 
Carolinas,  a  three-hospital  health¬ 
care  network  covering  15  coun¬ 
ties  in  North  Carolina  and  South 
Carolina.  The  organization’s  LAN, 
WAN  and  wireless  LAN  infrastruc¬ 
ture  is  based  on  Cisco  gear,  which 
can  vary  in  support  costs.“It’s  kind 
of  a  give  and  a  take;  [Cisco’s  pric¬ 
ing]  is  probably  high  on  some 
things,  and  low  on  others,”  in 
terms  of  support,  he  said. 

However,  the  service  that  is  deliv¬ 
ered  is  often  worth  it.“lf  something 
breaks,  [Cisco]  replaces  it  without 
question.  That’s  really  nice,” 
Campbell  added. 

Moving  up  the  stack 

The  idea  of  Cisco’s  pricing 
model  for  IOS  evolving  comes  as 
the  company  continues  its  push 
to  become  more  focused  on  the 
applications  riding  on  top  of  the 
network  pipes  and  plumbing  the 
vendor  supplies. 

“I’m  proud  to  be  a  plumber;” 
Chambers  said,  referring  to  basic 
Layer  2-3  technology,  which 
makes  up  almost  two-thirds  of  the 
company’s  revenue  each  quarter. 
“It’s  a  very  good  occupation  and 
it’s  been  very  very  [rewarding]  for 
us  and  our  shareholders.  How¬ 
ever,  as  this  plumbing  moves 
beyond  transport  to  the  delivery 
of  content;  the  prioritization  of 
streams;  the  ability  to  empower 
many  applications  from  applica¬ 
tions  to  healthcare,  business  pro¬ 
ductivity,  with  data/voice  video 
integration;  it  will  by  definition 
move  from  merely  transport  to 
each  node  having  intelligence.” 

Cisco’s  software  offerings  range 


far  beyond  the  device  operating 
systems  it  makes  for  its  network 
equipment;  collaboration  appli¬ 
cations  that  include  presence, 
chat  and  videoconferencing  for 
desktop  clients  are  now  part  of 
the  company’s  software  menu. 
Network  and  application  man¬ 
agement  software  platforms, 
security  management,  as  well  as 
security  host  agents  and  client 
software  also  are  part  of  Cisco’s 
software  business. 

In  December,  Cisco  launched  its 
Service-Oriented  Network  Archi-  i 
tecture  (SONA)  campaign,  and  its 
Application  Network  Services 
(ANS)  advanced  technology  busi¬ 
ness  segment.  SONA  is  a  far-reach¬ 
ing  plan  meant  to  tie  applications 
and  services  closer  to  the  network 
plumbing  Cisco  provides.  ANS  is  a 
conglomeration  of  all  Cisco’s 
Layer  4-7  technologies  —  from 
content  switching  to  XML-based 
Application  Oriented  Network 
traffic  acceleration. 

Telepresence,  which  integrates 
high-definition  IP  video,  audio 
and  life-sized  display  screens,  is 
one  of  the  collaborative  applica¬ 
tions  enterprises  should  expect 
Cisco  to  announce  over  the  next 
few  quarters,  Chambers  said,  as 
the  company  eyes  its  next 
advanced  technology  (a  poten¬ 
tially  $1  billion  revenue  stream) 
under  its  SONA  architecture. 

“We  don’t  want  to  get  too  far 
ahead  of  ourselves  in  telepres¬ 
ence,  but  at  the  same  time  we 
want  to  outline  a  vision  of 
where  the  industry  is  going  to 
go,”  Chambers  said.  He  has 
referred  to  telepresence  as 
potentially  Cisco’s  next  ad¬ 
vanced  technology  in  past 
speeches  and  demonstrations. 

Of  course,  big-bandwidth  appli-  j 
cations  such  as  telepresence  also 
help  drive  the  plumbing  busi¬ 
ness,  Chambers  said,  adding  he 
expects  applications  such  as 
video  to  drive  up  network  band¬ 
width  usage  threefold  in  the  next 
two  years. 

“[SONA]  looks  like  a  very  com¬ 
plex  thing  to  put  together,” 
RrstHealth’s  Campbell  said.  He 
added,  however,  that  looking  at 
the  architecture  piece  by  piece, 
the  concept  reflects  what  he  and 
other  users  already  are  doing.  “I 
like  the  concept  of  creating  multi¬ 
ple  networks  over  the  same  infra¬ 
structure.  Sometimes  it’s  hard  to  ; 
get  your  head  around  it. . . .  Cisco 
can  get  pretty  bold  in  what 
they’re  trying  to  shoot  for,  but  the 
overall  concept  is  pretty  good.”B 


«What  we  have  to  think 
about  over  the  next  five 
years  [is]  how  our  software 
strategy  will  evolve.55 

John  Chambers,  President  and  CEO,  Cisco 
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Volcano 

continued  from  page  1 

University  and  his  wireless  sensor 
mesh  network  come  in. 

Previously  seismologists  from 
the  University  of  New  Hampshire 
(UNH)  and  University  of  North 
Carolina  (UNC)  collected  data 
by  lugging  bulky  heavy  sensor 
stations  up  the  mountain  —  each 
one  containing  a  car  battery  for 
power  plus  sensors,  cables,  and 
data  logging  and  data  storage 
equipment. 

Every  few  days  someone  had  to 
trek  several  hours  back  up  the 
mountain  to  collect  the  micro- 
drives.This  put  severe  limits  on 
the  number  of  sensor  stations 
deployed  and  consequently  on 
the  amount  of  data  collected.The 
setup  also  had  other  limitations 
—  for  example,  there  was  no  way 
to  tell  if  one  of  the  stations  had 
stopped  functioning. 

Welsh  had  a  better  idea.  He  had 


a  190-node  wireless  sensor  mesh 
running  at  Harvard  that  was 
designed  to  detect  changes  in  a 
building’s  temperature  and 
humidity.  Now  it  was  time  to 
bring  his  mesh  network  out  of 
the  lab  and  into  the  line  of  fire. 

It's  a  jungle  out  there 

For  the  Reventador  expedition, 
Welsh  created  a  tiny  low-power 
sensor  station  that  runs  on  ordi¬ 
nary  D-cell  batteries  and  fits  into 
a  plastic  case  the  size  of  a  lunch- 
box.  It  sends  seismic  and  sonic 
data  around  the  clock  to  a  base 
station  that  collects  data  in  real 
time. Total  cost:  $400  per  node. 

In  August  2005,  the  seismolo¬ 
gists  from  UNH  and  UNC  and  the 
computer  scientists  from  Harvard 
flew  to  Quito,  drove  three  hours, 
then  bushwhacked  through  the 
jungle  for  several  hours  to  the 
base  of  the  mountain,  where  they 
camped.  At  5  a.m.,  Reventador 
issued  a  loud  wake-up  call. 

“The  top  blew”  Welsh  says, “and  1 
freaked  out.” 

Welsh  was  far  enough  away 
from  the  top  of  the  volcano  so 
that  he  wasn’t  in  danger,  but  just 
to  be  on  the  safe  side  he  sent  his 
grad  students  up  the  mountain 
while  he  manned  the  base  sta¬ 


tion.  His  team  deployed  a  total  of 
16  nodes  650  to  1,300  feet  apart, 
in  an  ad  hoc  mesh  network  that 
spanned  almost  2  miles  up  one 
side  of  the  volcano. 

Each  node,  which  consisted  of 
a  Tmote  Sky  sensor  from  Moteiv, 
an  interface  board  and  a  battery 
holder,  was  covered  with  rocks  to 
anchor  it  and  protect  it  from  the 
elements.  (The  area  had  been 
defoliated  in  the  2002  eruption.) 

The  seismic  sensors  were 
buried  nearby  connected  to  the 
nodes  by  USB,  and  the  sensors 
that  measure  infrasonic  waves 
were  mounted  on  PVC  tubing 
Welsh  used  to  elevate  the  high- 
gain  antennas  off  the  ground. 

The  network  used  IEEE 
802.15.4  low  data-rate  radios  and 
connected  to  a  FreeWave  radio 
modem  at  the  base  of  the  moun¬ 
tain  that  backhauled  the  data  to 
a  laptop  about  2.5  miles  away  in 
the  tiny  hotel  where  the  team 
was  staying.  (Welsh  says  he 


decided  against  using  802.1 1 
because  it  would  have  required 
too  much  power.) 

As  one  might  expect,  all  kinds 
of  problems  arose.  For  example, 
each  node  had  enough  storage 
capacity  to  record  20  minutes 
worth  of  data,  then  it  simply  over¬ 
wrote  the  disk.  Because  the  scien¬ 
tists  obviously  wanted  data  only 
when  the  volcano  was  erupting, 
Welsh  set  up  the  system  so  that 
when  any  five  nodes  reported 
seismic  activity  to  the  base  sta¬ 
tion,  all  the  nodes  were  pinged 
and  told  to  capture  the  last  60 
seconds’  worth  of  data. 

That  worked  well  until  the  time 
they  were  eating  dinner  in  the 
hotel  and  a  giant  explosion  was 
heard.  Welsh  raced  over  to  check 
the  laptop  and  realized  that  a 
smaller  event  had  occurred  with¬ 
in  a  minute  of  the  giant  event, so 
the  network  was  busy  capturing 
data  for  the  small  event  and 
missed  the  big  one. 

There  were  other  minor  glitches 
that  one  probably  would  not  run 
into  at  Harvard.  For  example,  the 
hotel  didn’t  run  electricity 
overnight  so  Welsh  had  to  hire 
somebody  to  keep  filling  the  gen¬ 
erator  with  diesel  fuel  to  keep  the 
laptop  running.  That  person 


apparently  dozed  off  every  so 
often, so  occasionally  the  laptop 
died. 

As  far  as  data  collection  goes, 
the  experiment  was  a  qualified 
success.  It  took  around  six  days 
to  get  everything  up  and  running. 
Then  the  system  crashed  on  Day 
8.The  team  got  everything 
rebooted  by  Day  13  and  from 
that  point  through  Day  19,  the 
network  ran  like  a  dream  — 
except  for  the  time  that  a  giant 
ball  of  molten  rock  blew  the  top 
off  the  PVC  pipe  connected  to 
the  sensor  node  closest  to  the 
top  of  the  volcano. 

Another  major  problem  was  the 
fact  that  although  ordinary  data 
networks  simply  retransmit 
dropped  packets,  the  scientists 
wanted  a  datastream  with  no 
dropped  packets  and  they 
wanted  all  the  data  time-stamped 
to  within  10  milliseconds. 

In  other  words,  they  wanted  to 
be  able  to  follow  an  event  as  it 
cascaded  down  the  mountain 
from  one  sensor  node  to  the 
next.  It  took  Welsh  and  his  team 
more  than  six  months  to  get 
the  data  to  that  point,  but  the 
result  was  usable  information 
about  230  events. 

The  venture  has  yielded  some 
interesting  data.  For  example, 
one  would  expect  volcanic 
activity  to  start  at  the  top  of  a 
mountain,  but  some  events 
came  from  deep  inside 
Reventador  in  locations  that  the 
seismologists  didn’t  anticipate. 

So  what’s  next  for  Welsh  and 
his  crew?  The  plan  is  to  keep 
working  toward  a  sensor  mesh 
of  hundreds  of  nodes,  aug¬ 
mented  by  a  middle  tier  of 
Linux-based  802.11  devices 
that  would  sit  between  the 
remote  sensors  and  the  base 
station. 

Welsh  hopes  to  deploy 
enough  sensors  to  create  a  3-D 
view  of  the  volcano.  That 
would  require  devices  with 
better  power  consumption, 
more  powerful  data-collection 
capabilities  and,  of  course, 
more  grad  students.B 


Got  great  ideas? 


■  Got  a  suggestion  for  a  Wider  Net 
story?  An  offbeat  network  industry- 
related  topic?  A  fascinating  person¬ 
ality  we  should  profile?  Contact 
Bob  Brown  with  your  ideas  at 
bbrown  (a>  nww.com. 


The  network  ran  like  a  dream  — 
except  for  the  time  that  a  giant  ball  of 
molten  rock  blew  the  top  off  the  PVC 
pipe  connected  to  the  sensor  node. 


The  hot  network 

The  16-node  remote-sensor  network  picked  up  seismic  activity 
and  sound  waves  from  the  Reventador  volcano  in  Ecuador 
over  a  three-week  period. 


Q  Each  Tmote  Sky  sensor  node  has  a  small  Texas  Instruments  microcontroller,  48KB 
of  program  memory,  10KB  of  static  RAM,  1MB  of  external  flash  memory  and  a  2.4 
GHz  Chipcon  802.15.4  radio.  The  Tmote  Sky  sensors  run  the  TinyOS  operating 
system. 

H  The  nodes  use  a  self-organizing  routing  topology  and  have  an  effective  data  rate 
of  10K  byte/sec. 

□  The  nodes  connect  to  three  FreeWave  Technologies  radio  modems,  each  requiring 
a  car  battery  for  power. 

Q  The  radio  modems  transmit  data  to  a  base  station  laptop  located  in  a  small  hotel 
2.5  miles  away, 


Altiris 
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tion  packages  after  testing  them  in  the  lab. 

“Our  turnaround  times  are  decreased  and  we  don’t  have  a  lot  of 
[management]  issues  because  we  are  not  deleting  files,”  Giblin 
says. 

In  addition  to  converting  100  applications  to  the  Wise/SVS  model, 
Giblin  is  testing  a  special,  virtualized  Internet  Explorer  that  would 
run  in  its  own  environment,  minimizing  the  browser's  security  risks 
for  the  desktop. 

Mercy  Health  also  is  considering  using  the  virtualization  technol¬ 
ogy  to  support  a  roaming  profile  for  users.  With  the  two  pieces  of 
software,  users  package  up  their  applications;  store  them  as  files  on 
client  machines;  and  activate,  deactivate  and  update  those  applica¬ 
tions  in  a  centralized  and  managed  fashion. 

The  SVS  software  works  on  its  own  or  as  an  integrated  component 
of  the  Altiris  Client  Management  Suite,  which  competes  with  prod¬ 
ucts  from  CA,  LANDesk  and  Microsoft.  SVS  competes  with  similar 
technology  from  Softricity,  which  was  recently  acquired  by 
Microsoft. 

In  addition  to  integrating  with  SVS,  Wise  Package  Studio  7.0  sup¬ 
ports  package  creation,  editing  and  management  for  a  number  of 
new  formats,  including  virtual  software  archive  (.vsa),  Red  Hat 
Linux  (.rpm)  and  Windows  Mobile  5.0. 

Wise  Package  Studio  7.0  costs  $4,600  per  user  and  includes  licens¬ 
es  for  50  SVS-enabled  desktops,  on  which  an  unlimited  number  of 
virtualized  applications  can  run. SVS  is  priced  at  $29  per  desktop.  ■ 
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Wi-Fi  hacked  in  digital  drive-by' 


BY  ROBERT  MCMILLAN,  IDG  NEWS  SERVICE 

Security  researchers  have  found  a  way  to 
seize  control  of  a  laptop  computer  by  man¬ 
ipulating  buggy  code  in  the  systems  wire¬ 
less  device  driver. 

The  hack  will  be  demonstrated  at  the 
upcoming  Black  Hat  USA  2006  confer¬ 
ence  during  a  presentation  by  David  May- 
nor,  a  research  engineer  with  Internet  Se¬ 
curity  Systems,  and  Jon  Ellch,  a  student  at 


MessageLabs 

continued  from  page  8 

For  example,  if  MessageLabs  finds  a  link 
to  a  URL  distributing  malware  that  is  com¬ 
ing  through  e-mail  or  IM  channels.it  imme¬ 
diately  updates  its  Web  security  service  to 
block  customers  from  visiting  that  site, 
Czarny  says.  Because  the  original  version 
of  its  Web  security  service  was  based  on 
ScanSafe  technology,  MessageLabs 
couldn’t  use  such  information  in  the  same 
manner,  he  says. 

One  customer  is  pleased  that  Message¬ 
Labs  is  moving  to  its  own  technology. 

“Their  e-mail  service  is  great,  but  their  Web 
anti-virus  service  has  been  only  OK,”  says 
Michael  Gonda,  senior  systems  administra¬ 
tor  with  Perkins  Eastman  Architects,  which 
has  more  than  500  employees  in  New  York. 
“It  does  its  job,  but  the  management  of  the 
account  from  a  technical  angle  is  not  as 
good  as  the  other  services,  and  getting  sup- 


the  U.S.  Naval  Postgraduate  School  in 
Monterey,  Calif. 

Device  driver  hacking  is  technically  chal¬ 
lenging,  but  the  field  has  become  more 
appealing  in  recent  years,  partly  because 
new  software  tools  that  make  it  easier  for 
less  technically  savvy  hackers,  known  as 
script  kiddies,  to  attack  wireless  cards, 
Maynor  said  in  an  interview. 

The  two  researchers  used  an  open  source 


port  for  the  Web  services  is  very  difficult.” 

Another  advantage  of  the  new  version  is 
integration,  Czarny  says.  Customers  can  use 
one  interface  to  manage  all  services  from 
MessageLabs,  sharing  information  about 
users  and  groups  for  policy  and  reporting 
purposes  and  having  to  configure  the  ser¬ 
vices  only  once. 

The  upgraded  service  avoids  delays  in 
serving  up  Web  pages  to  customers  by 
load  balancing  requests  across  multiple 
MessageLabs  data  centers,  directing  re¬ 
quests  to  the  server  that  is  the  least  busy 
Czarny  says. 

MessageLabs  Web  Security  Services  2.0 
will  be  available  in  two  options.  Anti¬ 
spyware  and  anti-virus  services  will  be 
priced  at  $3.75  per  user,  per  month;  URL  fil¬ 
tering  will  cost  $2.50  per  user,  per  month. 
Customers  electing  both  services  will  pay 
$5  per  user,  per  month;  discounts  will  be 
available  to  customers  using  more  than 
one  of  the  services.  ■ 


802.11  hacking  tool  called  LORCON  (Lots 
of  Radion  Connectivity)  to  throw  an  ex¬ 
tremely  large  number  of  wireless  packets  at 
different  wireless  cards.  Hackers  use  this 
technique,  called  fuzzing,  to  see  if  they  can 
cause  programs  to  fail,  or  run  unauthorized 
software  when  they  are  bombarded  with 
unexpected  data. 

Using  tools  such  as  LORCON,  Maynor  and 
Ellch  discovered  many  examples  of  wire¬ 
less  device  driver  flaws,  including  one  that 
let  them  take  over  a  laptop  by  exploiting  a 
bug  in  an  802.11  wireless  driver.  They  also 
examined  other  network  technologies,  in¬ 
cluding  Bluetooth,  Evolution-Data  Only  and 
High  Speed  Downlink  Packet  Access. 

The  two  researchers  declined  to  disclose 
the  specific  details  of  their  attack  before  the 
Aug.  2  presentation,  but  they  described  it  in 
dramatic  terms. 

“This  would  be  the  digital  equivalent  of  a 
drive-by  shooting,”  Maynor  said.  An  attacker 
could  exploit  this  flaw  by  simply  sitting  in  a 
public  space  and  waiting  for  the  right  type 
of  machine  to  come  into  range. 

The  victim  would  not  even  need  to  con¬ 
nect  to  a  network  for  the  attack  to  work. 

“You  don’t  have  to  necessarily  be  con¬ 
nected  for  these  device  driver  flaws  to 
come  into  play”  Ellch  said. “Just  because 
your  wireless  card  is  on  and  looking  for  a 
network  could  be  enough.” 

More  than  half  of  the  flaws  that  the  two 
researchers  found  could  be  exploited 
before  the  wireless  device  connected  to  a 


network. 

Wireless  devices  are  often  configured  to 
be  constantly  sniffing  for  new  networks, 
and  that  can  lead  to  security  problems, 
especially  if  their  driver  software  is  badly 
written. 

Researchers  in  Italy  recently  created  a 
project  billed  as  a  hacking  lab  on  wheels, 
called  BlueBag,  to  underscore  this  point 
by  showing  how  many  vulnerable  Blue¬ 
tooth  wireless  devices  they  could  con¬ 
nect  with  by  wandering  around  public 
spaces  such  as  airports  and  shopping 
malls.  After  spending  about  23  hours 
wandering  about  Milan,  they  had  found 
more  than  1 ,400  devices  that  were  open 
to  connection. 

“Wireless  device  drivers  are  like  the  Wild, 
Wild  West  right  nowf  Maynor  said.“LORCON 
has  really  brought  mass  Wi-Fi  packet  injec¬ 
tion  to  script  kiddies.  Now  it’s  pretty  much 
to  the  point  where  anyone  can  do  it.” 

Part  of  the  problem  is  that  the  engineers 
who  write  device  drivers  often  do  not  have 
security  in  mind,  he  said. 

A  second  problem  is  that  vendors  also 
make  devices  do  more  than  they  really 
need  to  in  order  to  be  certified  as  compli¬ 
ant  with  a  particular  wireless  standard.That 
piling  on  of  features  can  open  security 
holes  as  well,  he  said.  ■ 

WIRELESS  IN  THE  ENTERPRISE 

Subscribe  to  our  free  newsletter. 
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Verizon 
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facilities  in  CaryN.C. 

The  carrier  will  be  playing 
catch-up  to  at  least  one  competi¬ 
tor,  analysts  say 

“Compared  to  Sprint,  Verizon 
Business  is  a  little  late  coming  out 
with  a  Layer  2  migration  technol¬ 
ogy  to  MPLS,”  says  Lisa  Pierce,  an 
analyst  at  Forrester  Research.“And 
it  has  quite  a  large  installed  base 
of  frame  relay  customers.  So  this  is 
a  way  to  begin  the  migration.” 

Later  this  year,  Verizon  Business 
plans  to  boost  bandwidth  on  up  to 
three  routes  in  its  ultra-long-haul 
backbone  to  40Gbps  from 
lOGbps.  The  upgrade  was  tested 
last  year  on  a  route  between  San 
Francisco  and  San  Jose  in  which 
lOGbps  and  40Gbps  wavelengths 
were  supported  on  the  same  fiber 
carrying  high-definition  television 


videoconferences,  gaming,  music 
downloads,  VoIP  and  hundreds  of 
videostreams,  Briggs  said. 

The  Verizon  Business  backbone 
can  support  80  40Gbps  wave¬ 
lengths,  he  said.  But  even  though 
40Gbps  is  not  yet  rolled  out,  Veri¬ 
zon  Business  is  looking  past  that 
to  lOOGbps  and  160Gbps. 

The  carrier  says  it  hopes  to  have 
the  increases  in  the  next  two  or 
three  years,  Briggs  said,  while 
maintaining  the  80-wavelength 
capacity 

AT&T  and  Global  Crossing  also 
have  plans  to  boost  backbone 
bandwidth  to  40Gbps  but  neither 
carrier  has  discussed  going 
beyond  this. 

Another  enhancement,  sched¬ 
uled  for  early  next  year,  will  be 
flow-through  provisioning,  in 
which  customers  will  be  able  to 
turn  up  new  circuits  or  increase 
bandwidth  in  real  time  vs.  waiting 


two  to  three  weeks.  For  example, 
users  will  be  able  to  go  from  100M 
to  lGbps  in  a  matter  of 
minutes  through  a 
Web  portal,  Briggs 
said. 

Flow-through  provi¬ 
sioning  also  will  cut 
access  and  opera¬ 
tional  costs  for  Verizon 
Business,  savings  that 
could  be  passed  on  to 
customers. 

Key  to  enabling  flow¬ 
through  provisioning 
is  a  hybrid  Ethernet/ 

TDM  switch  in  Verizon 
Business’  Converged 
Packet  Access  (CPA)  architecture 
to  enable  the  transition  from  digi¬ 
tal  cross  connects  to  real-time 
Ethernet.  Verizon  Business  has 
these  switches  in  its  labs  today  for 
deployment  next  year,  Briggs  said. 

Briggs  would  not  disclose  the 


vendors  of  the  switches  being  test¬ 
ed  but  confirmed  that  Tellabs  is 
the  carrier’s  current 
CPA  supplier. 
Tellabs’  switches  are 
deployed  in  29  mar¬ 
kets  in  eight  coun¬ 
tries,  he  said. 

Also  on  tap  for 
next  year  is  the  con¬ 
vergence  of  five  sep¬ 
arate  IP  networks 
into  one  backbone. 
The  former  MCI  op¬ 
erated  three  distinct 
IP  networks  —  pub¬ 
lic,  private  and  very 
high  speed  Back¬ 
bone  Network  Services  for  govern¬ 
ment  customers  —  while  Verizon 
operated  two. 

Consolidating  these  networks 
will  reduce  by  50%  the  number  of 
routers  Verizon  Business  requires, 
because  these  networks  will  be 


Verizon  Business'  Fred 
Briggs  ran  through  a 
litany  of  projects  the 
company  is  tackling. 


Intel  hopes  to  stem  AMD  tide 


Souped  up  Xeon 

Intel  is  banking  on  its  new  Core  microarchitecture  to  close 
the  power/performance  gap  with  AMD. The  two-processor 
HP  ProLiant  DL380,  pictured  here,  starts  at  around  $2,500. 
Features  of  the  new  dual-core  Xeon,  code-named  Woodcrest, 
include: 

•  A  new  design  based  on  the  Pentium  M  processor,  a  low-power  chip  for  mobile 
personal  computing. 

•  A  power  threshold  of  no  more  than  80  watts,  compared  with  as  high  as  130 
watts  for  today's  Xeon  systems. 

•  As  much  as  an  80%  performance  improvement  over  current  dual-core  Xeons. 

•  Intel  Intelligent  Power  Capability  to  ramp  up  power  only  when  needed. 


BY  JENNIFER  MEARS 

Intel  today  is  expected  to  release 
its  long-awaited  Woodcrest  chip,  a 
dual-core  Xeon  processor  that 
uses  the  chip  maker’s  new  Core 
microarchitecture  to  provide  cus¬ 
tomers  with  better  performance  in 
cooler-running  packages. 

Intel  is  hoping  Woodcrest,  which 
is  the  first  of  several  next-genera¬ 
tion  processors  that  is  scheduled 
to  debut  in  the  next  few  months, 
will  help  it  regain  footing  in  a  serv¬ 
er  market  that  increasingly  is  cen¬ 
tered  around  higher  performance 
and  lower  power  demands. 

Woodcrest  is  designed  to  run 
applications  more  energy  effi¬ 
ciently  by  letting  each  core  in  a 
multicore  system  handle  a  larger 
number  of  instruction  sets  simul¬ 
taneously  Another  feature  that 
should  boost  performance  and 
reduce  power  consumption  is  a  shared  Layer 
2  cache  that  is  allocated  dynamically  accord¬ 
ing  to  the  needs  of  each  core. 

All  the  major  server  vendors,  including  Dell, 
HP  and  IBM,  plan  to  introduce  servers  based 
on  the  new  Xeon  today 

“This  really  does  get  Intel  back  on  the  right 
playing  field  again,”  says  Gordon  Haff,  an  ana¬ 
lyst  with  illuminata.“This  release  is  a  pretty  big 
deal  for  Intel  because  this  is  the  first  time  in  a 
while  that  you  can  look  at  the  technical  specs 
of  [Opteron  and  Xeon]  products  and  say  this 
is  really  competitive.” 

The  renewed  competition  should  be  good 
i  lews  for  enterprise  buyers,  as  the  chip  makers 
square  off  on  price,  Haff  says. 


“There  has  been  speculation  that  the 
Woodcrest  launch  is  going  to  touch  off  some 
price  wars  between  [Advanced  Micro  De¬ 
vices]  and  Intel  as  Intel  tries  to  get  some  share 
back,”  Haff  says. 

AMD  has  been  chipping  away  at  Intel’s  dom¬ 
ination  of  the  x86  market.  In  April,  AMD  cited 
numbers  from  Mercury  Research  that  it  had 
increased  its  share  of  the  market  from  16%  in 
the  fourth  quarter  of  2005  to  22%  in  the  first 
quarter  of  this  year.  A  year  ago,  AMD  account¬ 
ed  for  just  7%  of  the  x86  market.  Intel  holds 
most  of  the  remaining  market. 

Interestingly,  AMD’s  biggest  gains  come  at  the 
high  end.  According  to  Gartner,  AMD  account¬ 
ed  for  29%  of  all  four-socket  server  shipments  in 


the  first  quarter  of  this  year,  com¬ 
pared  with  less  than  1%  in  2003. 
Intel  held  about  53%  of  the  four- 
socket  server  market  in  the  first 
quarter. 

A  major  reason  for  the  market 
share  gains  is  Opteron’s  Direct 
Connect  Architecture,  which  en¬ 
ables  the  chip  to  perform  better 
with  lower  power  demands.  The 
Direct  Connect  Architecture  links 
the  CPU  directly  with  memory  I/O 
and  other  CPUs,  and  eliminates 
traffic  bottlenecks  that  can  occur 
when  moving  data  on  and  off  the 
processor  via  a  front-side  bus, 
which  Intel’s  Xeon  chip  uses.  In 
addition,  Opteron’s  on-chip  mem¬ 
ory  controller  gives  the  CPU  a 
boost  when  transferring  data  be¬ 
tween  the  processor  and  the  rest 
of  the  system,  analysts  say 
While  analysts  don’t  expect 
Xeon  to  have  an  on-board  memory  controller 
for  some  time,  they  say  the  new  architecture 
could  help  Intel  start  to  erode  some  of 
Opteron’s  edge  by  doing  more  work  with  less 
power. 

In  addition  to  Woodcrest,  Core  architecture 
processors  for  the  desktop,  code-named 
Conroe,  and  for  mobile  computing,  code- 
named  Merom,  are  scheduled  to  begin  ship¬ 
ping  over  the  next  few  months. 

“AMD  isn’t  standing  still  here,  so  Intel  can  by 
no  means  sit  back  and  relax,”  Haff  says.“But  it 
must  feel  good  for  them  to  at  least  get  a  prod¬ 
uct  out  in  the  server  space  that  for  the  first  time 
in  a  couple  of  years  really  is  functionally  com¬ 
parable  to  what  AMD  has  to  offer’’  ■ 


logically  separated  within  a  single 
core  backbone  router.  It  also  will 
improve  resiliency  and  provide 
higher  availability  for  enterprise 
customers  through  hitless  switch¬ 
ing  —  the  ability  to  not  interrupt 
service  while  upgrades  or  repairs 
are  made,  Briggs  said. 

But  Verizon  Business  has  yet  to 
find  the  core  router  to  fulfill  that 
role.  The  carrier  is  putting  routers 
from  Cisco,  Juniper  and  others 
through  trials. 

And  this  is  two  years  after  MCI 
publicly  endorsed  Cisco’s  CRS-1 
core  router  at  a  press  conference 
to  launch  the  product.  To  date, 
Verizon  Business  has  not  de¬ 
ployed  a  single  CRS-1  in  its  back¬ 
bone,  which  is  Juniper-based, 
Briggs  said. 

Considering  the  carrier’s  re¬ 
quirements,  it’s  not  surprising,  ana¬ 
lysts  say 

“Verizon  has  said  publicly  that 
they  don’t  believe  any  router  ven¬ 
dor  meets  their  requirements  yet 
in  terms  of  high  availability’  says 
Mark  Seery  of  Ovum. “They ’re  turn¬ 
ing  out  to  be  a  tough  customer.  If 
you’re  going  to  bet  your  whole 
company  on  one  infrastructure  it 
better  be  a  pretty  damn  good 
infrastructure.” 

Verizon  Business  has  begun 
offering  a  new  consulting  service 
to  help  enterprises  prepare  for 
and  recover  from  natural  and 
man-made  disasters.  Its  StormCon 
service  has  been  used  internally 
for  three  years  but  is  now  avail¬ 
able  as  a  stand-alone  or  addition¬ 
al  service  to  the  carrier’s  business 
resilience  offerings. 

The  four-stage  consulting  ser¬ 
vice  begins  within  84  hours  of  an 
impending  storm  by  readying  the 
network  and  associated  power 
and  fueling  equipment,  and  ends 
with  damage  assessment,  estab¬ 
lishing  priorities  for  recovery  and 
developing  incident  action  plans. 

Verizon  Business  also  an¬ 
nounced  last  week  its  VoIP  Secu¬ 
rity  Assessment  Service,  which  is 
designed  to  identify  and  address 
potential  vulnerabilities  associat¬ 
ed  with  customer  premises-based 
VoIP  and  hosted  IP  PBX  systems 
from  any  hardware  or  software 
vendor.  Vulnerabilities  include 
loss  of  service,  fraud,  privacy, 
denial-of-service  attacks,  viruses 
and  spam,  as  well  as  those  related 
to  the  integration  and  interoper¬ 
ability  of  VoIP  software  and  hard¬ 
ware,  and  those  created  when  traf¬ 
fic  is  handed  off  between  tradi¬ 
tional  phone  and  next-generation 
VoIP  networks  H 


One  man’s  fight  against  rootkits 


The  Sony  rootkit  discoverer 
says  there’s  no  such  thing  as 
a  good  rootkit. 


When  Mark  Russinovich  last  October  revealed  how 
Sony  BMG  Music  Entertainment  was  secretly  using  a 
rootkit  aimed  at  copyright  protection  for  its  CDs,  the 
public  took  Sony  to  task  —  and  to  court  —  and  Russinovich  gained  some 
unexpected  fame.  The  Sony  case  has  been  settled,  but  experts  say  the  root¬ 
kit  threat  is  growing.  Network  World  Senior  Editor  Ellen  Messmer  recently 
spoke  with  Russinovich,  co-founder  ofWinternals  Software,  about  where  the 
rootkit  situation  stands  today. 

Is  there  a  common  definition  of  a  rootkit? 

Not  one  formally  agreed  upon,  but  the  one  I  came  up  with  is  that  it  is  anything 
in  the  software  realm  that  hides  objects  from  standard  security  administration  or 
management. 

While  rootkits  used  by  malicious  hackers  are  obviously  bad,  there  are  arguments  as  to 
whether  rootkits  could  be  used  in  commercial  software  for  good  purposes.  What's  your 
view? 

There  is  no  such  thing  as  a  good  rootkit.They  modify  the  way  the  operating  sys¬ 
tem  works,  and  that  causes  pain  on  the  part  of  the  person  managing  the  system. 
Cloaked  objects  could  introduce  vulnerabilities  in  the  system,  as  happened  with 
the  Sony  rootkit. 


There’s  an  accelerated  use  of  rootkits.  More  and  more,  viruses  are  shipped  with 
them.  People  are  paying  for  this  now  in  the  context  of  spyware  and  botnets, 
because  sophisticated  people  are  treating  rootkits  like  a  business.  By  the  way,  the 
very  first  virus  on  the  PC  —  20  years  ago  this  year  —  was  called  Brain,  and  it  was  a 
rootkit  that  has  been  coined  a  stealth  virus. 

What's  the  difference  between  a  user-mode  and  a  kernel-mode  rootkit? 

At  the  [administrative]  level,  a  rootkit  can  install  itself  at  the  system  level  in  ker¬ 
nel  mode.  A  user-mode  rootkit  could  be  installed  by  a  person  without  administra¬ 
tive  privileges. 


“Sony’s  [rootkit]  was 
installed  without  the 
user’s  knowledge  and 
was  there  to  limit 
the  user.’’ 


Is  there  a  guaranteed  way  to  find  all 
rootkits? 

There  is  no  100%  remedy  for  root¬ 
kits. 


Why  is  it  so  hard  to  do  away  with  rootkits? 

The  problem  fundamentally  is  there 
are  so  many  ways  to  extend  Windows 
and  modify  its  behavior.  It’s  not  possi¬ 
ble  to  tell  evil  and  good  extensions  apart.  All  operating  system  software  suffers 
from  this.  If  you  have  a  single  instance  of  malicious  code  that  executes  in  a 
machine,  you  have  to  assume  you  lost  control  of  the  machine. 

So  what  was  it  like  when  you  announced  in  your  blog  you  had  discovered  a  rootkit  used  by 
Sony  BMG  for  its  CDs? 

Literally  six  hours  after  revealing  it,  it  was  on  Slashdot,and  in  the  mainstream 
media  in  the  next  few  days.  I  ended  up  serving  as  an  expert  for  the  first  class-action 
lawsuit  that  was  filed,  by  supplying  a  statement. 


How  prevalent  are  rootkits  with  obvious  malicious  intent? 


See  Russinovich,  page  18 


18  •  www.networkworld.com  •  6.26.06 


Russinovich 

continued  from  page  17 

Were  you  looking  for  a  rootkit  in  this  case? 

I  just  happened  to  purchase  a  CD.  I 
don’t  make  it  my  job  to  go  out  and  police 
software.  But  I  make  it  a  point  to  under¬ 
stand  what  is  going  on  when  there’s  any 
strangeness  in  Windows. 

What  happened  in  the  case  earlier  this  year 
when  you  accused  Symantec  of  using  rootkit 
techniques  in  its  SystemsExpert  product? 

I  didn’t  view  that  in  the  same  light  as 
the  Sony  [case] .  Sony’s  was  installed 
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without  the  user’s  knowledge  and  was 
there  to  limit  the  user.  In  Symantec’s 
case,  they  thought  it  would  help  the 
user,  but  that  was  flawed  and  they 
admitted  it. 

Why  don't  you  sell  your  freeware, 
RootkitRevealer? 

Because  we  don’t  believe  in  charging 
for  something  that  we  can’t  guarantee 
can  reveal  everything. 

Is  any  company  leading  the  attack  on  this 
problem? 

Not  that  I’m  aware  of. The  bottom  line 
is,  don’t  trust  your  ability  to  clean  your 
machine  of  a  rootkit.You’ve  got  to  assume 
the  worst.  My  advice  is,  wipe  the  system 
and  start  from  scratch.You’ll  have  to  do  it 
manually 

So  what  approach  do  you  take  to  the  rootkit 
problem  inside  your  company? 

We  came  up  with  software  with  applica¬ 
tion  controls,  which  is  policy-specific 
about  what  users  can  run.  It’s  a  way  to 
prevent  unrecognized  applications  from 
executing  through  the  standard  operating 
system. 


Tell  us  about  the  contest  you  had  to  detect 
rootkits  designed  by  the  Czech-based  designer 
calling  himself  Holy  Father,  who  was  selling 
gold  versions  of  his  rootkits  for  hundreds  of 
dollars  until  he  dropped  out  of  sight  on  the 
Web  earlier  this  year. 

I  was  never  actually  in  direct  commu¬ 
nication  with  Holy  Father.  He  would  say 
things  publicly  on  his  Web  site,  advertis¬ 
ing  how  his  gold  rootkit  would  defeat 
our  detector,  RootkitRevealer.  It  was  an 
intriguing  contest.  And  he  had  the 
upper  hand.  We  were  releasing 
RootkitRevealer  publicly  to  defeat  his 
plain-vanilla  root-  kits,  but  his  gold  ver¬ 
sions  were  only  revealed  to  his  cus¬ 
tomers. 

How  did  you  get  interested  in  rootkits? 

With  my  background  in  operating  sys¬ 
tems,  I  was  familiar  with  rootkits  for  Unix 
systems  back  in  the  mid-’90s.  Rootkits 
generally  involved  modifying  the  way  the 
operating  system  works.  In  my  Ph.D.  in 
’94  at  Carnegie  Mellon  University  titled 
“Application  Transparent  Fault  Tolerance,” 

I  was  dealing  with  some  hooks  in  the 
operating  system  that  a  rootkit  might  use. 
Later,  one  of  the  tools  I  wrote  for 


Windows  was  Regmon,  because  until  a 
few  years  ago,  we  had  no  way  to  monitor 
the  registry  activities.The  system-hooking 
techniques  we  published  in  Dr.Dobb’s 
Journal  in  ’96  was  a  bread-and-butter 
technique  for  intercepting  the  operating 
system.  I’m  always  watching  what’s  going 
on  in  development,  for  example  at 
Rootkit. com. The  Sony  rootkit  was  one 
that  generated  mainstream  awareness,  so 
in  March,  we  made  Rootkit  Revealer 
available  on  [his  hobby  site  for  freeware] 
Syslnternals.  It  uses  a  cross-view  compari¬ 
son  to  look  at  a  system  using  APIs.  ■ 
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WAN  improvements  speed  hospital  net 


BY  TIM  GREENE 

Kootenai  Medical  Center  and  four 
other  hospitals  in  northern  Idaho 
faced  a  problem:  Their  regional 
hub-and-spoke  network  connecting  to 
a  common  medical  data  center  in  Spo¬ 
kane,  Wash.,  was  too  slow  to  transfer 
medical  images  in  a  timely  manner. 

A  combination  of  additional  links  and 
gear  from  Converged  Access  solved  the 
problem  and  staved  off  the  need  to  buy 
even  more  T-ls  —  costly  and  scarce  in 
that  rural  part  of  the  state,  says  Tom 
Legel.CIO  of  Kootenai. 

The  problem  wasn’t  the  100Mbps 
fiber  link  between  Kootenai  —  the  hub 
of  the  regional  network  in  Coeur 
d’Alene,  Idaho  —  but  rather,  the  T-ls 
(see  graphic). Given  the  huge  CT  scans, 
clinical-data  transfers  and  business 
applications,  contention  for  bandwidth 
created  problems  for  doctors  trying  to 
read  images  remotely,  he  says. 

“The  real  issue  was  transmitting  those 
images  quickly  and  timely  because 
images  are  a  tremendous  size  in  terms 


Priority  trumps  bandwidth 


Giving  top  priority  to  medical  images,  hospitals  in  five  Idaho  towns  used 
Converged  Access  gear  to  speed  up  traffic  to  avoid  buying  moreT-1  lines. 


of  bytes,”  Legel  says.“ln  a  lot  of  cases  the 
radiologist  in  Coeur  d’Alene  tries  to 
read  for  other  hospitals.” 

The  hospitals  kicked  in  to  buy  an  addi¬ 


tional  T-l  linking  them  to  Kootenai, 
which  helped  but  didn’t  solve  the  prob¬ 
lem.  So  they  considered  buying  even 

See  Converged,  page  22 


Inter-Tel  bolsters  Linux-based  IP  PBX 

Built-in  presence,  unified-messaging  features  are  aimed  at  small  and  midsize  companies. 


■  RedSeal  Systems  made  its  debut  last 
week  with  a  security  appliance  that  sup¬ 
ports  risk  management  through  visualiza¬ 
tion  of  a  corporate  network’s  exposure  to 
threats.  RedSeal’s  Security  Risk 
Management  3000,  expected  to  ship  by  the 
end  of  next  month,  aggregates  informa¬ 
tion  about  access-control  lists  from  fire¬ 
walls  and  routers,  as  well  as  holes  found 
by  vulnerability-assessment  scanners. 
SRM  3000,  which  also  suggests  mitigation 
procedures,  competes  with  Skybox 
Security’s  Skybox  View  product.  The  first 
release  of  SRM  3000  will  be  limited  to 
supporting  Cisco  lOS-based  router  and 
PIX  versions  5,  6  and  7;  Check  Point's 
SmartCenter;  and  vulnerability- 
assessment  scanners  from  Qualys  and 
Nessus.The  SMS  3000  appliance  starts  at 
$50,000  for  use  with  25  network  devices. 

■  The  growth  in  malicious  software  is 

proving  fortuitous  for  anti-virus  compa¬ 
nies.  Gartner  last  week  said  the  industry 
grew  almost  14%  in  2005,  with  revenue 
totaling  $4  billion.  Gartner  also  predicts 
double-digit  growth  in  the  shortterm. 
Vendors  are  expected  to  add  security 
features  to  software,  such  as  anti¬ 
spyware  and  firewall  functions,  as  the 
competing  products  become  more 
closely  matched  in  performance,  wrote 
Nicole  Latimer-Livingston,  principal 
research  analyst.  Symantec  holds  a 
majority  of  the  market  at  54%,  followed 
by  McAfee  and  Trend  Micro. 

■  Samsung  has  started  shipping  a 
router  designed  for  corporate  users. 
Samsung’s  first  corporate  network  prod¬ 
uct,  the  Ubigate  iBG3026,  is  billed  as  an 
enterprise  switch  router  combining  the 
functions  of  a  switch,  router,  VoIP  gate¬ 
way  and  firewall.  The  rack-mountable 
iBG3026  is  designed  for  midsize  networks 
that  support  100  to  300  users.  It  is  avail¬ 
able  in  South  Korea  and  China,  and  will 
be  available  worldwide  by  year-end,  the 
company  said.  Samsung  plans  to  sell 
additional  network  products  in  the  sec¬ 
ond  half  of  this  year.  The  iBG2006  and 
iBG2016  will  be  targeted  at  smaller  offices, 
supporting  as  many  as  50  users  and  from 
50  to  100  users,  respectively.  During  the 
second  quarter  of  2007,  Samsung  will 
introduce  the  iBG3046,  which  is  designed 
for  large,  corporate  networks  with  more 
than  300  users. 


BY  PHIL  HOCHMUTH 

Inter-Tel  later  this  month  is  expected  to 
announce  a  Linux-based  IP  PBX  with 
multimedia  support,  presence  and  other 
advanced  communications  features  that 
could  help  users  perform  their  jobs 
more  efficiently. 

The  Inter-Tel  7000  will  be  a  Session 
Initiation  Protocol  (SlP)-based  IP  PBX 
that  can  support  as  many  as  2,000  IP 
phones,  as  well  as  analog  handsets,  via  a 
built-in  gateway. 

The  phone  system  includes  built-in 
multimedia  messaging  applications 
based  on  SIP  that  could  improve  user 
productivity  with  features  such  as  uni¬ 
fied-messaging  options  and  integrated 
instant  messaging  and  presence  tech¬ 
nology,  according  to  Inter-Tel. 

The  Inter-Tel  7000  includes  two  appli¬ 
ances:  a  call-processing  server,  which  has 


SIP-based  call  control  and  features;  and  a 
media  server,  which  includes  presence  1M 
and  unified  voice  mail  and  e-mail  applica¬ 
tions.  One  media  server  feature  lets  users 
set  an  out-of-office  reply  in  Outlook  that  will 
be  flagged  as  such  in  the  1M  and  voice  mail 
systems.  If  a  user  is  on  the  phone,  his  status 
will  reflect  this  as  well. 

For  smaller  deployments  (fewer  than  100 
users),  a  single-server  appliance  can  be 
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loaded  with  the  call-processing  and  media- 
server  software. 

Inter-Tel  says  it’s  using  the  SIP-for-Business, 
or  SIP-B  protocol  extension  framework,  on 
its  telephony  and  presence  servers.  SIP-B 
defines  extra  PBX-like  features  —  such  as 
multiline  appearances  and  conference-call 
bridging  —  which  are  not  supported  by  the 
standard  40  telephony  features  provided  in 
the  basic  IETF  version  of  SiPsays  Jeff  Ford, 
Inter-Tel’s  CTO. 

For  user  interaction,  Inter-Tel  is  launch¬ 
ing  the  SIP-based  Personal  Commun¬ 
icator  software  client,  which  ties  to¬ 
gether  voice  and  e-mail  access  with 
presence,  contact-preference  settings, 
address  books  and  call  logging.  Inter-Tel 
also  is  launching  new  SIP-based  IP 
phones:  The  8690  has  an  LCD  touch 
screen;  the  8662  has  a  six-line  LCD  and 
See  Inter-Tel,  page  22 
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LAN  switches:  What  Dell  did  right 


TOLLY  ON  TECHNOLOGY 

Kevin  Tolly 


I  feel  sorry  for  Dell.  Not  just 
Michael  Dell,  but  the  whole  lot  of 
them.  I  never  thought  I’d  say  this, 
but  it  is  difficult  not  to  have  that 
reaction  when  you  see  the  relent¬ 
less  hammering  that  Dell  is  get¬ 
ting  in  the  financial  and  business 
press  of  late. 

In  case  you  missed  it,  Dell  disap¬ 
pointed  Wall  Street  in  May  and  it 
soon  seemed  everyone  was  piling 
it  on  and  reciting  a  litany  of  Dell 
woes.  Some  analysts  called  it  the 
end  of  an  era,  and  many  focused 
on  where  Dell  went  wrong. 

The  analyst  attacks  had  two  tar¬ 
gets:  the  core  business  of  selling 


PCs  and  servers,  and  the  ancillary 
businesses  that  include  printers, 
storage  and  networking. 

Not  only  is  Dell’s  classically 
successful  model  not  working 
up  to  expectations  in  key  geo¬ 
graphies  such  as  Asia,  but  the 
company  also  hasn’t  been  able 
to  transfer  the  “Dell  way”  out¬ 
side  the  PC  market  to  achieve 
notable  success  in  its  ancillary 
markets,  according  to  many 
observers.  This  troubles  ana¬ 
lysts  because  future  growth  was 
to  come  through  continued 
success  in  the  core  business 
combined  with  success  in  the 
new  markets. 

Although  I  have  no  personal 
knowledge  of  the  other  ancil¬ 
lary  businesses,  I’ve  been  ob¬ 
serving  Dell’s  LAN  switch  activi¬ 
ties  since  the  first  switches  hit 
the  market  in  2001. 


It  is  clear  that  Dell  has  failed  to 
meet  its  own  expectations  with 
respect  to  sales,  but  it  is  hard  for 
me  to  come  up  with  anything 
that  the  company  did  wrong  with 
respect  to  its  switch  products. 

It  would  appear  that  Dell’s 
past  and  current  strategy  is  to 
match  or  exceed  the  functional¬ 
ity  and  performance  of  the 
equivalent  Cisco  products  and 
at  a  fraction  of  the  price.  And 
the  company  accomplished 
what  it  set  out  to  do. 

Over  the  years,  we’ve  bench- 
marked  and  certified  a  number  of 
Dell  switches,  with  wire  speed  the 
norm  and  always  exceeding 
expectations  when  it  came  to  fea¬ 
ture  set.  And  the  company  deliv¬ 
ered  this  with  per-port  prices  that 
were  usually  the  lowest  around. 

From  a  technology  viewpoint, 
Dell  entered  this  market  taking 


the  specify-and-assemble  ap¬ 
proach  that  it  took  with  PCs.The 
switch  innards  were  typically 
made  to  Dell’s  specifications  by 
tBroadcom  or  Marvell.  This  is 
the  path  many  vendors  take 
with  switches  these  days. 

The  economics  were  incon¬ 
testable.  Any  evaluation  com¬ 
paring  features  and  perform¬ 
ance  and  weighing  cost  as  a 
factor  had  Dell  a  clear  winner; 
one  cost  comparison  that  The 
Tolly  Group  prepared  some 
years  back  determined  that  the 
Dell  switch  —  including  service 
—  cost  less  than  the  three-year 
service  contract  alone  on  a 
comparable  Cisco  switch.  Can’t 
beat  the  price. 

But  the  fact  remains  that  not 
enough  users  moved  from  Cisco 
to  Dell. Why? 

My  educated  guess  is  that  the 


low-end  users  didn’t  care  what 
they  plugged  into  and  didn’t 
need  the  advanced  features  or 
the  wire-speed  throughput  that 
Dell  offered. 

At  the  higher  end,  network 
architects  probably  wanted  a 
product  suite  that  included 
WAN  routers,  firewall  and  VPN 
devices,  and  so  forth,  not  to 
mention  the  most  important 
element  —  higher-end,  chassis- 
based  switches. 

For  these  folks,  Dell  offered  a 
product  when  what  they  needed 
was  a  multidimensional  solution, 
which  was  never  in  the  cards 
from  Dell. 

Tolly  is  president  of  The  Tolly 
Group,  a  strategic  consulting  and 
independent  testing  company  in 
Boca  Raton,  Fla.  He  can  be 
reached  at  ktolly@tolly.com. 


IPv6  makes  itself  known 
to  U.S.  corporations 


BY  STEPHEN  LAWSON,  IDG  NEWS  SERVICE 

Any  company  that  does  business  with 
Asia  or  the  U.S.  government  should  start 
using  IPv6  as  soon  as  possible,  an  advo¬ 
cate  of  the  new  version  of  IP  told  atten¬ 
dees  of  the  recent  Burton  Group  Catalyst 
conference  in  San  Francisco. 

China,  Japan  and  South  Korea  have  man¬ 
dated  adoption  of  the  next-generation  pro¬ 
tocol, so  companies  in  other  countries  will 
be  left  behind  if  they  don’t  start  using  it, 
said  Alex  Lightman,  chairman  and  CEO  of 
Innofone.com,  an  IPv6  training  and  con¬ 
sulting  company  in  Santa  Monica,  Calif.  In 
addition  to  the  Asian  mandates,  the  U.S. 
Office  of  Management  and  Budget  last 
August  required  all  government  agencies 
to  run  IPv6  on  their  network  backbones  by 
June  2008.The  U.S.  Department  of  Defense 
also  has  called  for  all  military  networks  to 
migrate  by  2008. 

IPv6  has  languished  on  the  to-do  lists  of 
most  U.S.  IT  executives  even  though  it  has 
more  than  10  years  of  development 
behind  it  and  is  deployed  in  some  produc¬ 
tion  networks.  An  international  IPv6  test¬ 
bed  network  called  the  6bone  was  shut 
down  last  week  as  planned,  because  the 
protocol  is  moving  from  testing  to  com¬ 
mercial  deployment.  It  is  possible  for  a 
company  to  support  IPv6  and  the  current 
IPv4  protocol  simultaneously. 

The  main  benefit  of  the  new  protocol  is 


an  addressing  system  that  far  outstrips  any 
forecast  need  for  IP  addresses  assigned  to 
people  and  devices.  The  fear  of  running 
out  of  addresses  is  one  reason  countries 
such  as  China  cite  for  adopting  the  system. 
As  the  birthplace  of  the  Internet,  however, 
the  United  States  has  the  lion’s  share  of 
addresses  under  the  current  protocol  and 
is  in  less  danger  of  running  out  soon. 

Adopting  IPv6  will  be  critical  for  U.S. 
companies  in  doing  international  busi¬ 
ness,  acquiring  or  merging  with  foreign 
companies,  and  making  products  to  sell  in 
other  countries,  Lightman  said.  There  will 
soon  be  Web  sites  that  can’t  be  reached 
without  IPv6,  he  warned. 

Burton  Group  analyst  Jeffrey  Young  took 
the  opposing  side  in  the  conference  ses¬ 
sion,  arguing  there  is  no  need  for  most  U.S. 
businesses  to  start  using  IPv6  —  yet.  Steps 
already  taken  to  solve  the  address  limita¬ 
tions  of  IPv4, such  as  Classless  Inter-Domain 
Routing  (CIDR)  and  network  address  trans¬ 
lation  (NAT)  have  worked  well,  he  said. 
CIDR  is  a  more  flexible  addressing  method 
for  the  Internet,  and  NAT  is  a  system  that 
translates  a  single  Internet  address  into 
many  local  addresses. 

“You  prepare,  but  you  don’t  waste  your 
money  right  nowfYoung  said. “It’s  going  to 
come;  it’s  not  this  year,  it’s  not  next  year? 
Young  adds  he  believes  U.S.  enterprises 
will  need  to  deploy  IPv6  by  about  2017.  ■ 


Converged 

continued  from  page  21 

more  bandwidth  but  the  cost  became  pro¬ 
hibitive.  A  T-l  between  Coeur  d’Alene  and 
just  one  of  the  hospitals  in  Sandpoint  is 
$1,800  per  month  for  the  45-mile  connec¬ 
tion.  That  adds  up  to  more  than  $200,000 
per  year  extra  for  one  hospital,  he  says. 

The  hospitals  tried  adding  intelligence 
to  the  network  with  Converged  Traffic 
Manager,  an  appliance  that  prioritizes, 
compresses  and  optimizes  applications 
to  make  traffic  flow  more  smoothly.  After 
a  week,  Legel  installed  five  of  the  devices 
in  the  live  network,  one  at  each  site.  The 
Traffic  Manager  at  Kootenai  talked  to  the 
other  four  and  shaped  the  links  to  give 
three  levels  of  priority:  imaging  followed 
by  clinical  records  and  then  business 
applications,  he  says. 

It  took  about  a  week  to  send  a  techni¬ 
cian  to  each  hospital  to  install  the  devices 
and  sync  them  up  with  the  hub  device  at 
Kootenai,  Legel  says.  Setup  was  done  with- 


Inter-Tel 

continued  from  page  21 

the  8622  has  a  two-line  text  display.  A 
Windows  CE-based  PDA  IP  phone  client 
also  is  available. 

One  analyst  says  the  Inter-Tel  7000  launch 
gives  users  a  higher-scaling  phone  system 
than  previous,  H.323-based  and  digital  PBX 
systems  offered  by  the  company 
“The  existing  Axxess  [PBX]  and  Inter- 
Tel  5000  [non-SIP  IP  PBX]  platforms 
have  strong  multisystem  networking 


out  requiring  notification  or  help  from  the 
local  T-l  carrier, Verizon,  he  says. 

The  hospitals  bought  the  Converged 
Access  gear  about  a  year  ago,  and  with  the 
cost  of  more  bandwidth  avoided,  they 
were  expected  to  pay  for  themselves  in  14 
months,  Legel  says. 

A  side  benefit  was  that  the  gear  gave  the 
medical  center  a  view  into  the  use  of  a  Wi¬ 
Fi  network  it  had  established  in  the  area 
for  doctor  office  or  at-home  use  of  hospi¬ 
tal  applications.  Three  additional  Con¬ 
verged  Access  boxes  installed  in  the  Wi-Fi 
network  let  the  hospital  set  policies  so  that 
during  busy  periods  critical  business  traf¬ 
fic  got  priority. 

Legel  says  an  important  lesson  earned 
from  the  experience  was  always  to  check 
beyond  what  service  providers  offer  to 
improve  network  performance.  “Figure 
you  need  to  challenge  the  local  phone 
company,  because  in  some  cases  they 
don’t  have  the  technology  you  need,” 
Legel  says.“Always  look  for  different  ways 
of  doing  things.”® 


capabilities,”  says  Frank  Stinson,  princi¬ 
pal  analyst  at  IntelliCom  Analytics  “The 
Inter-Tel  7000  provides  greater  scalabil¬ 
ity  per  system  and  delivers  additional 
capabilities  that  will  appeal  to  enter¬ 
prise  customers.” 

Basing  the  product  on  SIP  and  offering 
a  presence  server  as  a  default  gives  users 
a  more  flexible  IP  PBX  system  than  some 
competitive,  entry-level  VoIP  systems  for 
small  to  midsize  businesses. 

The  Inter-Tel  7000  will  be  available  in 
July  and  start  at  around  $640  per  seat.  ■ 
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MAINFRAME 

COMMUNICATIONS 


Network  support  key  as  mainframe  evolves 


BY  JENNIFER  MEARS 

As  IBM  evolves  the  mainframe  as  a 
hub  for  increasingly  on-demand 
data  centers,  it  is  fine-tuning  how  the 
Big  Iron  communicates  with  other 
devices  on  distributed  networks,  making  it 
easier  to  support  LANs,  enhancing  the  per¬ 
formance  and  bandwidth  of  network  links 
and  adding  security  features  specifically 
designed  for  service-oriented  architectures. 

For  the  last  year  or  so,  IBM  has  placed  a 
greater  focus  on  improving  Big  Iron  net¬ 
work  capabilities  as  more  customers  run 
Java-  and  Linux-based  workloads  on  the 
machines  and  move  to  push  legacy 
mainframe  applications  into  the  Web  ser¬ 
vices  world. 

That  places  greater  demands  on  the 
mainframe,  best  known  for  its  reliability, 
scalability  and  performance,  to  act  as  more 
of  a  peer  in  today’s  network  architectures, 
analysts  say 

“The  old  model  was  that  networking  was 
going  to  be  largely  between  IBM  devices 
across  SNA.The  new  model  is  that  network¬ 
ing  is  something  that  happens  between 
mainframes  and  the  rest  of  the  world  over 
IFfsays  Jonathan  Eunice,  founder  and  prin¬ 
cipal  IT  analyst  at  Illuminata.“Whether  that 
[networking]  is  through  a  direct  IP  connec¬ 
tion  or  through  a  multilayer  protocol  stack 
[such  as  Web  services]  is  fairly  immaterial; 
that  the  z  folks  have  shifted  their  mind-set 
and  the  use  cases  that  they  design  the  gear 
and  software  for  —  that’s  huge.” 

A  new  world 

Hannaford  Brothers  grocery  store  chain, 
for  example,  is  moving  its  mainframe  CICS 
transactions  toward  Web  services  thanks  to 
new  software  tools  from  IBM. 

“CICS  is  IBM’s  original  technology,  but 
IBM  has  upgraded  it, so  with  very  few  mod¬ 
ifications,  we  can  put  a  Web  front  end 
using  standard  [Simple  Object  Access  Pro¬ 
tocol]  to  existing  CICS  transactions,”  says 
Bill  Homa.CIO  at  the  Scarborough,  Maine, 
company. 

Hannaford  Brothers  recently  tested  a  ven- 
dor-to-vendor  CICS  transaction  using  the 
Web  services  framework  and  was  happy 
with  the  results. 

“We  were  curious  how  it  would  work,” 
Homa  says.  “It  wasn’t  very  hard  to  do,  and 
the  response  time  was  terrific.” 

Response  time  and  the  need  to  interact 
with  a  variety  of  platforms  and  devices  are 
pushing  IBM  to  think  more  broadly  about 
how  the  mainframe  should  communicate. 


Virtualization,  network  management  and 
security  are  at  the  top  of  list  when  it  comes 
to  the  mainframe  communications  road 
map,  says  Jim  Porell,  senior  technical  staff 
member  and  chief  architect  for  IBM’s  main¬ 
frame  software  group. 

“The  mainframe  doesn’t  exist  without  a 
network  anymore,’ ’he  says, explaining  that  it 
must  embrace  and  integrate  with  other 
technologies. 

“In  this  interconnected  world,  one  of  the 
questions  is  ‘Can  we  help  the  other  guys? 
Can  we  make  the  Intel,  RISC  space  better 
because  we’re  a  part  of  it?”’ Porell  says.“The 
enterprisewide  role  is  really  the  big  change 
that  is  happening”  with  the  mainframe. 


Connecting  the  mainframe 

Today's  mainframe  can  support  a  number 

of  network  technologies  including: 

•  TCP/IP 

•  SNA/IP,  which  preserves  investments  in  SNA-based 
transaction  applications  by  encapsulating  SNA  traffic  in 
TCP  packets,  for  example. 

•  FICON  Express4,  a  proprietary  fiber  connection  IBM 
created  for  the  mainframe  that  now  supports  transfer 
rates  of  up  to  4Gbps. 

•  Fibre  Channel  Protocol  to  enable  Linux  instances  on  the 
zSeries  to  communicate  with  SCSI  devices. 


New  and  improved 

Connecting  to  other  platforms  means 
making  greater  use  of  TCP/IP  As  a  result, 
IBM  continues  to  advance  its  Open  Systems 
Adapter  (OSA)  card,  the  network  controller 
for  the  mainframe. 

Big  Blue’s  newest  mainframes,  the  System 
z9  Enterprise  Class  introduced  last  fall  and 
the  System  z9  Business  Class  that  had  its 
debut  in  the  spring,  include  OSA-Express2. 

The  new  OSA  card,  which  is  installed  in 
the  mainframe’s  I/O  cage,  can  support  a 
broad  range  of  Ethernet  connectivity  from 
1000  Base-T  Ethernet  to  Gigabit  Ethernet  to 
100  Gigabit  Ethernet.  In  addition,  IBM  has 
enhanced  the  virtual  LAN  (VLAN)  capabil¬ 
ities,  enabling  users  to  set  priorities  for  net¬ 
work  traffic  using  IEEE  802. IQ. 

“IBM  is  doing  a  lot  of  work  on  the  main¬ 
frame  in  terms  of  virtualization  of  IP  ad¬ 
dresses  and  that  makes  it  incredibly  easy  to 
move  workloads  around,”  Homa  says. 

Mike  Kahn,  managing  director  of  the 
Clipper  Group,  says  the  updated  virtualiza¬ 
tion  capabilities  combined  with  expanded 
networking  throughput  make  the  main¬ 
frame  more  capable  of  fitting  in  with  next- 
generation  SOAs. 

“The  availability  of  10  Gigabit  Ethernet 
that’s  partitionable  with  the  virtual  LAN  — 
that’s  very  exciting,” he  says.The  big  benefit 
to  a  lot  of  this  is  it  allows  legacy  applica¬ 
tions  —  COBOL  and  CICS  —  to  be  assigned 
virtual  network  resources  without  having  to 
change  any  of  the  code.” 

The  next  release  of  the  mainframe  oper¬ 
ating  system,  z/OS  1.8,  due  out  in  Septem¬ 
ber,  will  make  network  authentication  eas¬ 
ier  with  the  capability  for  Cisco  devices 
to  communicate  with  the  mainframe  and 
ensure  that  all  network  points  are  pro¬ 
tected,  Fbrell  says. 


“Our  upcoming  release,  z/OS  1.8  has  a 
new  function  . . .  that  is  a  way  that  the  Cisco 
device  can  say‘Oh,this  digital  certificate  ex¬ 
pired.  Let  me  go  back  to  the  source  and  re¬ 
allocate  it  without  having  to  do  manual 
intervention.’  It  will  automate  a  lot  of  those 
operations,”  he  says. 

IBM  also  is  improving  how  the  mainframe 
does  what  it  does  best:  communicate  inter¬ 
nally  and  with  other  mainframes  as  it  acts 
as  the  central  processing  engine  and  data 
store  for  the  most  important  business  appli¬ 
cations.  HiperSockets,  the  mainframe’s  in¬ 
ternal  memory-to-memory  communica¬ 
tion,  for  example,  now  supports  IFV6.  Ex¬ 
ternally  the  new  System  z9  mainframes  sup¬ 
port  FICON  Express4,  meaning  data  is 
moved  in  and  out  of  the  systems  at  rates  of 
up  to  4Gbps. 

IBM  also  is  working  on  extending  its 
Parallel  Sysplex  mirroring  technology  that 
for  the  past  few  years  has  enabled  cus¬ 
tomers  to  replicate  data  on  disparate  main¬ 
frames  as  much  as  100  miles  apart.  In  the 
future,  customers  will  also  be  able  to  copy 
on  Linux  platforms  within  System  z. 

“So  that  z/OS  can  not  only  be  copying 
and  helping  to  facilitate  remote  copies  of 
our  local  data,  but  also  the  Linux  data  that’s 
on  the  same  box  in  another  logical  parti¬ 
tion,”  Fbrell  says.  “We’re  looking  at  piloting 
that  first  with  Linux  on  System  z  then  on 
Linux  on  another  platform.” 

The  idea,  he  says,  is  to  make  better  use  of 
the  mainframe’s  disaster  recovery  and  data 
management  expertise  by  more  tightly  link¬ 
ing  with  other  platforms. 

“The  question  is  how  do  1  leverage  the 
network  and  truly  share  data?”  he  says.  “By 
sharing  data  [rather  than  replicating  it  on 
multiple  platforms],  I  have  better  audit  and 
control.  I  can  start  reducing  the  complexity 


when  it  comes  to  [Health  Insurance  Port¬ 
ability  and  Accountability  Act]  and 
Sarbanes-Oxley  compliance.” 

Network  neighbors 

Like  IBM,  Unisys  also  is  seeing  more  inter¬ 
est  in  using  its  ClearPath  mainframes  as 
part  of  SOAs,  placing  greater  demand  on  its 
network  capabilities. 

Bob  Ready,  director  of  IT  at  Crescent 
Electrical  Supply  in  East  Dubuque,  Ill.,  is 
pushing  to  move  the  presentation  com¬ 
ponent  of  his  transaction  applications 
from  the  ClearPath  system  and  onto  Intel 
boxes. 

“We’re  trying  to  move  to  a  service-ori¬ 
ented  architecture  where  the  presentation 
end  ....  resides  on  the  open  systems  side,” 
Ready  says.“On  the  [ClearF’ath]  mainframe 
side  we  develop  a  series  of  core  services 
that  we  assemble  into  new  applications.” 

Unisys  uses  Intel-based  network  appli¬ 
ance  devices  to  enable  its  systems  to 
connect  into  IP  networks.  The  ClearPath 
boxes  support  not  only  its  proprietary 
MCP  operating  system,  but  also  Windows 
and  Linux. 

“We  built  interfaces  between  the  legacy 
environment  and  the  commodity  space 
so  as  new  and  emerging  technologies 
come  along  we’re  able  to  quickly  inte¬ 
grate  those  by  having  adapted  this  appli¬ 
ance  approach," says  Ralph  Farina,  direc¬ 
tor  of  Unisys’  ClearPath  MCP  technology 
office. 

Through  proprietary  code  on  the  appli¬ 
ances,  Unisys  is  able  to  add  features  such 
as  security  to  the  network  interface, 
Farina  says.  Moving  forward,  Unisys  will 
be  focused  on  enhancing  the  security 
features  in  the  network  appliances, 
Farina  says.B 
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Seals  in  hot  air,  prevents  mixing  with  room  air 


APC  solutions  that  carry 
the  'Blade-Heady'  Logo 
are  designed  to  handle  the 
demanding  network-critical 
physical  infrastructure 
requirements  of  high  density 
blade  server  applications. 


Chamber  Doors 

Access  to  hot  aisle, 
locks  for  security 


Now  you  can  quickly  deploy  a 
standard  or  high  density  site  of  any  size 
with  scalable,  top-tier  availability. 


Part 

Number 


Usable  Maximum 
IT  Racks  kW  per  Rack 


Price  Price  to  lease 

to  buy  (36  installments) 


ISXT120KHD1R 

1 

up  to  20kW 

$63,500* 

$1,999** 

ISXT130KHD1R 

1 

up  to  30kW 

$79,500* 

$2,499** 

ISXT130KHD2R 

2 

up  to  30kW 

$94,500* 

$2,999** 

ISXT150KHD2R 

2 

up  to  30kW 

$99,500* 

$3,099** 

ISXT140KHD3R 

3 

up  to  30kW 

$119,500* 

$3,799** 

ISXT180KHD3R 

3 

up  to  30kW 

$159,500* 

$4,999** 

ISXT150KHD4R 

4 

up  to  30kW 

$166,500* 

$5,199** 

All  multi-rack  configurations  feature: 

%/  N+1  power  and  cooling 

Secure,  self-contained  environment 
%/  Peak  capacity  of  20kW  per  rack 
\/  Enhanced  service  package 
%/  Integrated  management  software 
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All  solutions  are  scalable  up  to  hundreds  of  racks. 
On-site  power  generation  options  start  at  $29,999 
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InfraStruXure®  Manager 


What  is 
data  center 
on  demand? 


Infrastructure 

DATA  CENTERS  ON  DEMAND 


Highly  available  and  manageable, 
quick-to-install,  scalable  architecture 
that  easily  supports  both  standard 
and  high  density  applications. 


-  Up  to  20kW  a  rack  for  any 
blade  server  application 


■  Unlimited  racks 

■  Ships  in  5  days*** 

■  Installs  in  1  day*** 


-  Optional  on-site  power 
generation 


Order  your  solution  today.  Call  888-289-APCC  x3642. 


Visit  today  and  receive  FREE  APC  White  Papers 

Visit  us  online  and  download  APC  White  Papers. 

Don't  see  the  configuration  you  need? 


Try  APC's  online  InfraStruXure  BuildOut  Tool  today  and  build  your  own  solution 


Raised  floor  not  required 


-  Vendor  neutral  guaranteed 
compatibility 


InfraStruXure’'  can  be  purchased  as  a 
modular,  or  mobile  system 


HP  ™  Go  to  http://promo.apc.com  and  enter  key  code  m324x  Call  888-289-APCC  x3642 


InfraStruXure'  BuildOut  Tool 


1  Prices  do  not  include  IT  equipment  and  are  subject  to  change  **  Indicative  rates  are  subject  to  market  conditions.  ***  Install  and  delivery  times  may  vary. 
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The  Paradox 


Multiple  layers  of  security  make  life  harder  for  threats 
Multiple  layers  of  security  make  life  harder  for  you. 


The  Answer:  Proven  security. 


Anti-Spam  &  Anti-Spyware 


Security  threats  are  mounting  in  number — and  they’re  evolving  in  complexity.  Your  security  must  evolve  as  well. 

This  used  to  mean  managing  multiple  products  without  integration,  which  created  operational  challenges,  risk,  and 
increasing  costs.  Not  any  more.  With  McAfee  '  Total  Protection  for  Enterprise,  you'll  have  comprehensive,  integrated 
protection.  You’ll  control  everything — from  anti-virus  to  network  access  control  to  anti-spyware— all  from  a  single 
management  console.  McAfee  Total  Protection  solutions  are  engineered  to  provide  maximum  manageability  and 
deliver  total  endpoint  security  without  compromise.  McAfee,  the  dedicated  security  company  that  blocked  or  contained 
100%  of  the  top  attacks  in  2005,  delivers  proven  results  backed  by  more  than  15  years  of  experience.  Secure  your 
business  advantage.  Learn  more  at  www.mcafee.com/total 


Network  Access  Control 


Intrusion  Prevention 


Desktop  Firewall 


E-Mail  Security 


Anti-Virus 


Proven  Security 


Top  list  of  attacks  as  reported  by  Wildlist.org  and  McAfee  AVERT  Labs  McAfee  and/or  additional  marks  herein  are  registered  trademarks  or  trademarks  of  McAfee.  Inc  and/or  its  affiliates  in  the  U  S  and'or  other  countries. 
McAfee  Red  in  connection  with  security  is  distinctive  of  McAfee  brand  products  All  other  registered  and  unregistered  trademarks  herein  are  the  sole  property  of  their  respective  owners.  £>  2006  McAfee,  Inc  All  rights  reserved. 
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Broker  banks  on  smart  phone  app 

Sales  representatives  say  they  can  manage  CRM  program  with  one  hand. 


BY  JOHN  COX 

A  wholesale  mortgage  broker  is  exploit¬ 
ing  a  mobile  application  to  give  its  sales 
representatives  one-handed  access  to 
account  data  anywhere  they  can  get  a  cell 
phone  signal. 

About  a  dozen  sales  reps  with  First  Rate 
Financial  use  Entellium’s  recently  released 
eMobile  software  to  connect,  via  Verizon 
Wireless  Treo  700  smart  phones,  to  CRM 
data.  With  minimal  training,  the  reps  can 
move  quickly  via  a  thumb  wheel  (see 
photo)  through  nested  menus  to  call  up  the 
most  recent  account  data,  including  each 
step  of  a  loan  applications  workflow. 

“It’s  a  pretty  robust  little  application,”  says 
Michael  Colagrossi,  a  principal  with  First 
Rate  of  Bellevue, Wash.The  company  repre¬ 
sents  banks  and  lenders  in  six  states. 

Its  robustness  is  no  accident.  Entellium 
designed  eMobile  from  the  outset  to  be 
used  on  a  smart  phone.  The  company’s 
approach  won  it  a  place  in  Network  World's 
recent  listing  of  five  wireless  companies  to 
watch  (see  www.nwdocfinder.com/4066). 
The  guiding  inspiration  for  the  project: 


Short  Takes 


■  Users  looking  for  a  new  PC 
might  want  to  wait  for  a  round  of 
price  cuts  that  are  expected  soon 
from  Intel,  the  world's  largest 
maker  of  microprocessors. 
Component  vendors  and  analysts  in 
Taiwan  say  the  company  may 
announce  such  reductions  in  July, 
and  the  PC  market  has  already 
slowed  down  in  anticipation  of  the 
move.  The  microprocessor  is  one  of 
the  most  expensive  parts  inside  a 
PC,  so  price  reductions  could  have 
a  big  impact  on  the  price  of  an 
overall  system.  Taiwanese  compa¬ 
nies  often  know  inside  information 
about  the  PC  industry,  such  as 
about  upcoming  chip  launches  or 
price  reductions,  because  they 
make  many  vital  components  for 
PCs  and  need  to  know  about 
upcoming  technical  or  business 
changes  to  prepare  new  products. 


Apple’s  easy-to-use  iPod  music  player. 

“We  think  the  No.  1  design  criteria  [for  a 
mobile  application]  is:  be  able  to  use  it  with 
one  hand,”  says  Paul  Johnston,  president 
and  CEO  of  Entellium. 

Entellium’s  main  desktop  and  server 
application  is  eSalesForce,  a  Web-based, 
hosted  CRM  application  that  competes 
with  products  from  Netsuite  and  Sales- 
force.com.  Its  main  selling  point,  Johnston 
says,  is  that  it  offers  the  same  or  better  func¬ 
tions  at  half  the  price  of  its  rivals.  The  new 
eMobile  application  takes  the  full  functions 
of  the  browser-based  application  and 
recasts  them  in  a  Java  application  designed 
for  the  smart  phone  platform. 

First  Rate’s  employees  use  their  Treo  700 
devices  to  make  a  cellular  connection  over 
Verizon  Wireless’  Code  Division  Multiple 
Access  network  to  Entellium’s  servers.  Once 
they’re  authenticated,  the  employees  see 
the  eMobile  home  page  and  start  their 
menu  selections.  Clicking  on  “What’s  new” 
gives  them  the  option  of  selecting  “Today” 
or  “last  five  days”  to  see  all  newly  assigned 
sales  leads  and  activities,  and  then  to  drill 
down  into  account-specific  details. 

Clicking  on  the  name  of  a  new  lead 
brings  up  such  details  as  the  date  the  lead 
was  created,  current  status,  level  of  interest 
and  contact  details,  such  as  e-mail  address 
and  phone  number.  Selecting  address  or 
number  causes  eMobile  to  create  a  mes¬ 
sage  or  dial  the  number  automatically  A 
copy  of  the  e-mails  is  saved  and  uploaded, 
as  are  records  of  the  phone  call. 

“I  don’t  ever  pull  the  stylus  out  of  my 
Treo,”  Colagrossi  says. “I’ve  been  able  to  do 
that  [navigating  and  even  inputting]  very 
quickly  It’s  very  easy  to  move  around  just 
using  the  action  buttons  on  the  phone  and 
the  keyboard.” 

The  ease  of  this  navigation  was  a  top  pri¬ 
ority  for  Entellium.  The  company  even 
added  some  video  game  designers  to  its  en- 
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Secure  messaging  guide 

Research  products  that  enable  secure  messaging. 
Check  out  our  online  Buyer's  Guide. 

www.nwdocfinder.coni/4048 


eMobile  CRM  software 

Entellium’s  software  is  designed 
specifically  for  smart  phones. 


List  of  main  menus;  terms 
match-ing  those  of 
desktop/server  version. 


Design  allows 
one-handed 
operation  to  scroll 
and  select  menus. 


Users  can  quickly  move 
through  nested  submenus 
to  view  and  edit  account 
details,  review  work  notes. 


gineering  team.  One  key  early  decision  was 
to  scrap  the  conventional  Microsoft  Win¬ 
dows  Forms  interface  used  by  many  appli¬ 
cation  designers.“In  a  classic  Windows  inter¬ 
face,  all  this  [activity]  is  more  complicated,” 
Entellium’s  Johnston  says.  “The  Windows 


Forms  interface  that’s  typical  of  our  com¬ 
petitors  is,  in  our  opinion,  an  obstacle.” 

First  Rate  Financial  customized  Entel¬ 
lium’s  eSalesForce  to  capture  the  step-by- 
step  workflow  of  loan  processing.  This 
same  workflow  is  reflected  in  eMobile’s 
arrangement  of  menus  and  drop-down 
lists.  “To  my  surprise,  that  all  just  carried 
right  over  to  the  phone  version,” 
Colagrossi  says. 

Now, sales  reps  at  a  customer’s  site  can  see 
where  each  loan  is  in  this  process,  what 
additional  documentation  is  needed, 
whether  an  application  review  needs  to  be 
done  and  what  information  needs  to  be 
sent  to  the  underwriter,  he  says. 

The  eMobile  application  requires  about 
400K  to  500KB  of  memory  to  run.  It  has 
built-in  caching,  so  it  can  store  some  data 
on  the  handset.  If  the  cellular  connection 
breaks,  the  software  is  smart  enough  to 
know  that  a  transaction  failed  to  com¬ 
plete.  When  the  connection  is  restored, 
eMobile  picks  up  where  it  left  off  to  com¬ 
plete  the  action. 

Verizon  Wireless  has  recently  signed  a 
deal  to  offer  eMobile  as  part  of  its  wire¬ 
less  salesforce  automation  offering  for 
business  users.  The  service  will  be  mar¬ 
keted  and  sold  by  the  cellular  carrier. 

“We’ve  been  using  [eMobile]  right  out 
of  the  box,”  First  Rate’s  Colagrossi  says. 
“From  what  we’ve  experienced  so  far, 
we’re  pretty  happy”  ■ 


VMware  acquires  start-up 

Snags  virtualization  company  Akimbi  Software. 


BY  DENI  CONNOR 

VMware  announced  last  week  that  it  has 
acquired  Akimbi  Systems,  which  makes 
software  that  captures  operating  system, 
application  and  configuration  images. 

Akimbi,  a  start-up  with  30  employees,  will 
be  added  to  VMware’s  developer  division. 
The  company’s  software  complements  the 
server  virtualization  products  of  VMware. 

Akimbi’s  Slingshot  product  lets  IT  man¬ 
agers  build  a  software  test  infrastructure  to 
automate  the  setup  and  teardown  of  multi¬ 
ple  virtual  machine  environments. 
Although  Slingshot  works  with  VMware  and 
Microsoft  virtual  machines,  most  of 


Akimbi’s  customers  use  VMware. 

Akimbi  competes  with  Surgient,  which 
offers  a  hosted  service.VMware  will  discon¬ 
tinue  Slingshot,  add  features  to  it  and  rein¬ 
troduce  the  product  in  the  third  quarter  of 
this  year. 

This  acquisition  expands  VMware’s  virtu 
alization  portfolio  to  include  software  for 
building  and  managing  software  test  and 
development  environments.  Details  of  the 
acquisition  were  not  disclosed.  ■ 
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Subscribe  to  our  free  newsletter. 
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■nore.  I  believe  convergence  is  the  path  to  greater  harmony  and  sustained  growth. 

King  from  AT&T  enables  James  to  integrate  voice,  data  and  video  onto  one  global 
reaches  127  countries.  So  his  company's  applications  run  more  efficiently  around 
ith  AT&T  BusinessDirect;  James  gains  not  only  the  control  and  visibility  of  his  entire 


network,  but  the  inner  peace  he  seeks 
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Network  Appliance  enters  SMB 
storage  market  with  new  array 


Network  Appliance's  StoreVault  S500  storage  array  is  designed  for  companies  and  sites  with 
limited  IT  resources  and  budgets. 


BY  DENI  CONNOR 

Network  Appliance  this  week  plans  to 
announce  its  entry  into  the  small  and  mid¬ 
size  business  market,  with  a  storage  array 
designed  to  work  in  network-attached,  iSCSI 
and  Fibre  Channel  environments. 

The  StoreVault  S500,  which  starts  at 
$5,000,  has  features  typically  found  in  high- 
end  storage  systems.  It  has  as  much  as  6TB 
of  storage  capacity,  features  Windows-based 
configuration  software  and  includes  built-in 
data-protection  software  that  lets  as  many 
as  250  snapshots  of  data  to  be  taken.  The 
product  also  features  Network  Appliance’s 
RAID  Double  Parity,  which  is  used  to  recov¬ 
er  data  if  more  than  one  disk  fails  at  a  time. 

“You  can  find  [network-attached  storage] 
and  [storage-area  network]  offerings  out 
there,  but  with  Network  Appliance  it’s  the 
same  NAS  and  SAN  kernel  used  in  its  bigger 
boxes,”  says  Chuck  Edwards,  managing  part¬ 
ner  for  Blue  Gecko,  a  provider  of  hosting 
and  managed  service  in  Seattle.  “It’s  a  won¬ 
derful  way  for  us  to  provide  high-end  fea¬ 
tures  to  our  customers  at  a  small  cost.” 

Connectivity  Options 

The  S500  supports  the  Microsoft  iSCSI  ini¬ 
tiator  and  QLogic’s  Simple  SAN  initiative, 
which  uses  QLogic  host  bus  adapters  to 
connect  Windows  servers  to  the  SAN.  An 


optional  host  bus  adapter  is  offered  from 
Silverback  Systems,  which  speeds  iSCSI 
and  offloads  server  processing.  The  array 
features  either  250G  or  500GB  Serial 
Advanced  Technology  Attachment  drives, 
which  can  be  added  or  removed  from  the 
array  without  disrupting  operations. 

The  S500  will  compete  with  arrays  from 
EMC,  HR  Snap  Server  and  Dell.  Unlike 
these  arrays,  which  attach  only  to  the  net¬ 
work  as  iSCSI,  network-attached  or  Fibre 


Channel  devices,  the  S500  connects  as  all 
three.  It  also  supports  about  four  times  as 
many  snapshots  as  comparable  arrays. 

The  new  offering  is  to  be  made  avail¬ 
able  exclusively  through  Tech  Data.  The 
Fibre  Channel  support  is  due  in 
September.  ■ 
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Platform  Computing  flexes  grid  software 

New  version  geared  toward  financial  companies. 


BY  JENNIFER  MEARS 

Platform  Computing  has  rolled  out  a  ver¬ 
sion  of  its  grid  software  designed  for  the 
financial  industry  saying  the  release  will 
help  customers  make  better  use  of  com¬ 
pute  resources  by  enabling  multiple  appli¬ 
cations  to  be  managed  and  share  resources 
across  a  grid. 

Symphony  3,  which  is  expected  to  be  gen¬ 
erally  available  June  30,  works  with  Plat¬ 
form’s  Enterprise  Grid  Orchestrator  (EGO) 
technology  to  let  IT  executives  manage  dis¬ 
parate  applications  and  make  sure  each 
one  gets  the  compute  resources  it  needs. 

Platform,  which  competes  with  such  com¬ 
panies  as  DataSynapse,  introduced  EGO 
last  summer  in  an  effort  to  move  its  grid 
software  from  its  high-performance  com¬ 
puting  niche  into  the  enterprise.To  do  that, 
Platform  executives  knew  they  needed  to 
offer  more  detailed  management  capabili¬ 
ties,  including  the  ability  to  consolidate  geo¬ 
graphically  dispersed  compute  resources 
and  allocate  workloads  based  on  business- 
driven  policies. 

On  the  other  hand,  Symphony  was  de¬ 


signed  to  give  companies  the  capability  to 
pool  compute  resources  and  shorten  the 
time  it  takes  to  run  financial  workloads, 
such  as  pricing  and  risk  analysis.  For  the 
most  part,  applications  were  run  separately 
within  the  Symphony  framework,  says 
Martin  Harris,  product  manager  at  Platform. 

Symphony  3  combines  the  financially 
focused  software  with  EGO’s  stepped-up 
management  capabilities. 

“What  we’ve  done  [with  Symphony  3]  is 
made  it  so  that  all  of  the  applications  using 
the  grid  resources  are  running  through  a 
common  foundation,”  he  says.  “So  from  an 
IT  management  standpoint,  from  an  inter¬ 
nal-billing  standpoint,  it  really  gives  the 
organization  complete  control.” 

That  means  IT  managers  can  set  busi¬ 
ness-driven  priorities  for  different  applica¬ 
tions  running  on  the  grid,  he  says. 
Customers  manage  the  grid  and  the  appli¬ 
cations  running  on  it  through  a  Web-based 
console. 

“So,  for  example, one  line  of  business  may 
have  a  trading  application,  and  that  appli¬ 
cation  will  be  provisioned  a  certain  num¬ 


ber  of  resources,  but  it  only  uses  them  for  a 
certain  period  of  the  dayf  Harris  says.“What 
EGO  will  allow  customers  to  do  with 
Symphony  is  take  those  idle  resources  and 
share  them  across  lines  of  business.” 

As  a  result,  customers  should  see  utiliza¬ 
tion  rates  rise  from  about  30%  to  95%  or 
more,  he  says. 

Symphony  3,  which  uses  an  agent  on 
each  server  to  orchestrate  resource  shar¬ 
ing, supports  a  variety  of  operating  systems, 
including  Windows,  Linux  and  Solaris.  Most 
deployments  run  on  standard,  x86  hard¬ 
ware,  Harris  says. 

Symphony  is  priced  per  CPU,  but  varies 
depending  on  the  deployment.  ■ 
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Securing  your  messages 
Research  products  that  enable  secure  messag¬ 
ing.  Check  out  our  online  Buyer's  Guide. 

www.nwdocfinder.com/4048 
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Dynamic 
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Delivered. 
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Dynamic  Networking  from 
AT&T  is  a  comprehensive 
approach  to  optimizing 
business  performance 
including  the  services  and 
intelligence  of  a  converged 
networking  environment. 


Converged  networking 
delivers: 


High-performing 
business  applications  for 
greater  value,  efficiency 
'  and  productivity. 


Information  delivered 
faster  to  the  people 
who  need  it  —  decision 
makers,  sates,  customers 
and  suppliers  —  for 
increased  collaboration 
and  responsiveness. 


Improved  control  across 
all  activities  in  the 
organization  to  identify 
changing  circumstances 
and  adjust  network 
performance  in  response. 


One  global  IP  network 
that  reaches  127  countries 
for  flexible  growth. 


Learn  how  Dynamic 
Networking  can  enable 
your  enterprise  by 
downloading  the  white 
paper  series,  Convergence, 
A  Four  Point  Framework,  at 
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INTRODUCING  BUILT  IN  BroadbandConnect 


the  only  built  in  wireless  connection 
that  works  in  more  places  than  you  do. 


Get  a  Dell™  Latitude  notebook  equipped  with  Cingular's 
supercharged  wireless  network. 


D^LL 


Available  on  the  Dell  Latitude  D620  and  D820. 
Nothing  to  install.  Just  activate  and  go. 


Runs  on  Cingular's  BroadbandConnect  and  EDGE, 
the  largest  national  high-speed  wireless  data  network. 


Broadband  speeds  on  the  3G  global  standard 
everywhere  BroadbandConnect  is  available. 


Access  your  business-critical  information 
in  13,000  cities  and  towns  and  in  100  countries 
around  the  world. 


More  secure  than  Wi-Fi  with  a  wider 
coverage  area  -  no  hotspots  required. 


CINGULAR  MAKES  BUSINESS  RUN  BETTER 


Click  www.cingular.com/dell 

X.  cingular 

raising  the  barT.aill 


Coverage  not  available  in  all  areas.  Cingular  covers  273  million  people.  Wireless  service  not  included  with  notebook.  Other  conditions  and  restrictions  apply. 
The  Dell  logo  is  a  trademark  of  Dell  Computer  Corporation.  ©2006  Cingular  Wireless.  All  rights  reserved. 
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Start-up  offers  event 
processing  software 


BY  ANN  BEDNARZ 

More  and  more,  business  users  don’t 
want  to  wait  for  data  filtering  through 
transactional  systems  to  be  processed, 
collected  and  analyzed.  The  need  for 
more  immediate  information  has 
spawned  a  crop  of  start-ups  with  analytic 
tools  that  process  data  on  the  fly  and  alert 
executives  to  changing  business  condi¬ 
tions  as  they  occur. 

The  latest  is  Coral8,  which  this  week  is 
expected  to  debut  its  first  enterprise  prod¬ 
uct,  the  Coral8  Complex  Event  Processing 
Engine. 

Coral8’s  software  analyzes  information 
from  systems,  databases  and  applications 
in  real  time  and  looks  for  events  that 
might  signal  a  fraudulent  transaction,  for 
example,  or  a  kink  in  the  supply  chain.  It 
compares  the  current  state  of  activities 
with  expected  conditions,  then  uses  em¬ 
bedded  business  rules  to  determine  how 
to  respond  to  threats  and  opportunities. 

The  technology  is  similar  to  the  event-pro- 
cessing  technology  used  in  network  and 
systems  management  products,  but  with  a 
business  spin.  Instead  of  looking  for  server 
bottlenecks  or  application  delivery  prob¬ 
lems,  Coral8  watches  for  business  anom- 


Short  Takes 


■  Directory  management  vendor 
NetPro  last  week  shipped  additions 
to  its  backup  and  restoration  soft¬ 
ware  for  Active  Directory.  Restore- 
ADmin  2.5  includes  new  sorting, 
grouping  and  search  features  for 
recovering  deleted  objects.  The  soft¬ 
ware  integrates  with  NetPro's 
ChangeAuditor,  which  provides  notifi¬ 
cation  when  changes  or  deletions  are 
made  in  the  directory.  RestoreADmin 
2.5  also  has  a  new  backup  engine  that 
backs  ups  only  objects  that  have 
changed  since  the  last  backup,  en¬ 
hanced  storage  features  and  im¬ 
proved  reporting  controls.  The  soft¬ 
ware  runs  on  32-  and  64-bit  platforms 
and  is  priced  at  $5  per  user. 


Profile: 

Coral8 

)  Founded: 

2003 

Headquarters:  Mountain  View,  Calif  j 

Employees: 

30 

Funding: 

Private  investors  to  date.  May 
initiate  a  round  of  venture 
funding  in  late  2006. 

Product:  CoralS  Complex  Event 

Processing  Engine 

Technology:  The  software  analyzes  data  from 
systems,  databases  and 
applications  in  real  time  and 
|  applies  rules  to  identify  patterns 

and  trends. 

Key  executives: 

CEO  Terry  Cunningham  founded 
Crystal  Decisions,  which  Seagate 
Technology  acquired  in  1994, 
and  is  former  president  of 

Veritas  Software.  GT0  Mark 
Tsimelzon  founded  Web 
integration  start-up 

CallTheShots,  which  Akamai 
acquired  in  2000.  ; 

alies.  It  is  designed  to  handle  hundreds  of 
thousands  of  messages  per  second.  It  pro¬ 
cesses  content  from  sources  such  as  real¬ 
time  datastreams  and  message  brokers; 
and  it  exports  data  to  performance  dash¬ 
boards,  business  process  management  soft¬ 
ware  and  other  analytic  tools. 

“Think  of  this  as  an  inline  processor  that 
we  strap  onto  the  pipe  of  data  flow  before 
it  gets  to  the  database,”  says  Coral8  CEO 
Terry  Cunningham.  “Instead  of  a  database, 
where  a  query  is  run  against  the  data,  this  is 
the  opposite.The  registered  query  is  always 
present,  and  you  run  the  data  against  the 
queryTThis  engine  continually  looks  forcer- 
tain  patterns,  he  says.  It  looks  at  real-time 
data  and  pulls  historical  reference  data 
from  a  database  for  comparison. 

Cunningham  founded  business  intelli¬ 
gence  pioneer  Crystal  Decisions  in  1984 
and  held  senior  executive  positions  at  Sea¬ 
gate  Technology  and  Veritas  Software.  With 
Coral8,he’s  repeating  the  market  strategy  of 
pursuing  OEM  agreements  with  software 
makers  with  vertical  expertise  that  don’t 
want  to  develop  a  proprietary  analytic  en¬ 
gine.  For  example,  storage-management 
See  Coral8,  page  32 


Quest  adds  directory 
mgmt  console,  SQL  tools 


BY  JOHN  FONTANA 

Quest  Software  is  expected  to  release 
this  week  a  single  console  that  gives  IT 
managers  one  interface  from  which  to 
manage  Active  Directory,  including  such 
tasks  as  change  management,  backup, 
policy  administration  and  user  password 
resets.  The  company  also  plans  to  intro¬ 
duce  a  suite  of  tools  that  let  users  com¬ 
pare  and  synchronize  the  schema,  data 
and  server  settings  of  two  Microsoft  SQL 
Server  environments. 

On  the  directory  side,  Quest  Management 
Console  for  Active  Directory,  based  on  the 
Microsoft  Management  Console,  is  being 
offered  as  a  free  download.  Quest  also  is 
updating  four  of  the  12  tools  in  its  suite  of 
Active  Directory  management  products. 

Directory  changes 

Quest  InTrust  for  Active  Directory  2.5  has 
been  recast  as  a  management  pack  for 
Microsoft  Operations  Manager  (MOM). 
Priced  at  $12  per  user,  the  software  gives 
MOM  information  about  who  made 
changes  and  what  changes  were  made  to 
the  directory  and  to  group  policy  objects. 

The  enhanced  Quest  Recovery  Manager 
7.5,  which  is  priced  at  $10  per  user,  now  can 
do  backups  more  frequently.  Users  also  can 
do  distributed  creation  of  backups,  a 
process  that  uses  existing  backup  infra¬ 
structure  and  technologies  such  as  Micro¬ 


soft  Volume  Shadow  Copy  Service  to  opti¬ 
mize  recovery 

Quest  Group  Policy  Manager  3.0,  which  is 
priced  at  $8  per  user,  comes  with  new 
scheduling  features  for  updating  group  pol¬ 
icy  objects. 

Password  management 

Quest  Password  Reset  Manager  4.0,  which 
is  priced  at  $7  per  user,  has  new  password 
policies  to  control  self-service  password 
resetting.  Reset  Manager  is  expected  to  ship 
in  July  The  other  three  tools  are  available. 

“What  we  are  not  moving  to  is  an  uber- 
productj’says  David  Waugh,  vice  president 
of  product  management  for  Windows 
management  products.  “All  of  this  snaps 
together.” 

Quest  competes  with  Bindview,NetlQ  and 
NetPro  on  management  of  Microsoft  infra¬ 
structure. 

Quest  also  introduced  Quest  Com 
parison  Suite,  a  trio  of  new  tools  to  help 
users  manage  and  keep  the  database  struc¬ 
tures  of  two  SQL  Server  environments  in 
sync.  The  SchemaCompare  tool  identifies, 
scripts  and  synchronizes  schema  differ¬ 
ences;  ServerCompare  focuses  on  server 
settings  and  DataCompare  keeps  the  two 
databases  in  sync. 

The  three  components  are  priced  at  $399 
per  server. The  individual  components  cost 
$199.  ■ 


Directory  management 

Quest  Software  has  introduced  a  new  console  for  its  suite  of  Active  Directory 
management  tools  that  brings  them  together  in  one  interface.  One  tool  supports 
self-service  password  management. 


Quest  Password  Manager 
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Length 

■  *■  —  J  Password  must  contain  at  least 
P  Enable  this  rule 

r  Alphanumeric  characters:  1  Z 

r  lowercase  characters:  1  Z 

H  Uppercase  characters:  1  * 

W  Distinct  characters:  5  Z 


Administrators  can  set 
policies  users  must 
follow  when  setting  up 
self-service  password 
management. 


32  •  www.networkworld.com  •  6.26.06 


IBM  pushes  online  contract  mgmt 


GoralS 

continued  from  page  31 

software  maker  Intermine  uses  Coral8’s 
technology  to  build  real-time  reports  on 
storage  resource  usage  and  availability  and 
Patient  Care  Technology  Systems  uses  it  to 
help  keep  tabs  on  hospital  resources 
tagged  with  RFID  devices. 

By  incorporating  Coral8’s  technology  in 
their  applications,  OEM  partners  such  as 
these  will  help  expand  Coral8’s  market 
share  as  well  as  provide  revenue  for  the 
company  “Our  partners  take  the  technol¬ 
ogy  into  their  verticals,” Cunningham  says. 

He  hopes  the  OEM  approach  will  help 
distinguish  CoraI8  from  its  competitors, 
which  include  start-ups  such  as  Aleri  Labs 
and  AptSoft,  as  well  as  more  established 
players,  such  as  HP  IBM  andTibco. 

Coral8  offers  three  versions  of  its  soft¬ 
ware.  A  developer  edition  is  available  for 
free  download.  A  professional  edition, 
which  starts  at  $20,000  per  processor,  is 
intended  for  production  rollouts;  and  an 
enterprise  version  starts  at  $60,000  per 
processor  and  adds  features  such  as  high- 
availability  failover,  state  persistence,  clus¬ 
tering  and  guaranteed  message  delivery  ■ 


BY  CHINA  MARTENS,  IDG  NEWS  SERVICE 

IBM  last  week  unveiled  technology  de¬ 
signed  to  put  the  process  of  signing  and 
managing  IT  contracts  online  to  let  the  ven¬ 
dor  and  its  business  partners  and  cus¬ 
tomers  save  time  and  money 

Developed  by  IBM  Research  over  the  past 
couple  of  years,  Contracts  OnLine  is  a  Web- 
hosted  application  available  for  free  to 
IBM’s  U.S.  business  partners  and  customers. 
The  application  relies  on  digital  watermarks 
with  signer  names  and  dates,  and  requires 
IBM’s  WebSphere  Application  Server  and 
DB2  database  and  Adobe  Reader. 

“The  problem  we’re  trying  to  help  solve  is 
allowing  our  partners  and  clients  to  do  busi¬ 
ness  more  efficient^’ said  Cathy  Lasser,  IBM 
Research’s  vice  president  of  industry  solu¬ 
tions  and  emerging  technology 

With  the  application,  users  on  the  Web 
can  securely  access,  review  and  sign  a  con¬ 
tract,  track  its  status,  and  see  who  made 
which  alterations  to  the  online  document, 
Lasser  said.  Contracts  OnLine  automatically 
sends  e-mails  to  the  parties  involved  in  a 


contract,  notifying  them  when  to  review 
and  sign  it,  as  well  as  when  it’s  about  to 
expire.  IBM  has  been  piloting  the  software 
with  700  business  partners  and  customers. 

Jack  Henry  &  Associates,  of  Monett,  Mo., 
provides  IT  systems  to  U.S.  financial  institu¬ 
tions.  An  IBM  business  partner,  Jack  Henry 
sells  iSeries  and  pSeries  servers  to  banks 
and  credit  unions,  respectively  The  company 
is  close  to  standardizing  its  contract  man¬ 
agement  on  Contracts  OnLine, according  to 
Steve  Crawford,  manager  of  hardware  tech¬ 
nology  and  services  at  Jack  Henry. 

“So  far,  it’s  working  extremely  well,”  Craw¬ 
ford  said.“We’re  extremely  pleased  with  the 
pilot,  and  customers  have  been  very  respon¬ 
sive  to  it.”  Jack  Henry  has  handled  contracts 
with  more  than  100  customers  through 
Contracts  OnLine,  and  has  eliminated  a  lot 
of  paperwork  and  is  more  time-efficient, 
Crawford  added. 

When  selling  an  IBM  system  to  a  customer 
previously  the  company  would  use  a  com¬ 
bination  of  scanning,  e-mail  and  express 
mail  to  get  all  parties  to  sign  the  contract. 


That  meant  the  process  could  take  several 
days  and  didn’t  occur  in  real  time,  as  it  can 
online. 

Although  IBM  is  positioning  the  soft¬ 
ware  for  use  by  small  and  midsize  busi¬ 
nesses,  Contracts  OnLine  is  suitable  “for 
any  size  business,”  Lasser  said,  with  the 
application  capable  of  handling  the 
demands  of  complex  multiparty  con¬ 
tracts  and  simpler,  two-party  deals. 

So  far  the  software  is  limited  to  use  by 
U.S.-based  operations  doing  business 
with  IBM,  whether  purchasing  the  ven¬ 
dor’s  technology  or  signing  up  for  lease 
or  loan  contracts  from  IBM  Credit.  IBM 
intends  next  year  to  expand  Contracts 
OnLine  to  its  business  partners  and  cus¬ 
tomers  outside  the  United  States.  “As  we 
look  to  extend  it  out,  we’re  exploring  dif¬ 
ferent  legal  options,”  Lasser  said. 

IBM  also  is  considering  other  uses  for 
the  contract  technology,  and  potentially 
will  make  it  available  to  companies  that 
are  not  IBM  customers  or  business  part¬ 
ners,  Lasser  said.  ■ 
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IS  YOUR  DATA  IN  THE  RIGHT  PLACE? 


Introducing  Hitachi  HiCommand4  Tiered  Storage  Manager  software.  These  days  it’s  not  enough  to  just  keep  data  anyplace.  It  needs  to  be  in  the  right  place  at  the  A 
right  time— based  on  how  your  applications  use  it.  Our  new  HiCommand"  Tiered  Storage  Manager  helps  you  optimize  data  placement,  align  application  and  storage 
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Are  VoIP  and  CALEA  incompatible? 


NET  INSIDER 

Scott  Bradner 


Last  week  I  wrote  about  the  po¬ 
tential  impact  of  new  FCC  wire¬ 
tapping  rules  on  enterprise  net¬ 
work  managers.  This  week  the 
subject  is  the  impact  of  some  of 
these  rules  on  the  Internet  itself. 

A  new  report  shows  it  may  be 
nearly  impossible  to  implement 
comprehensive  wiretapping  of 
VoIP  without  reengineering  and 
rebuilding  most  of  the  United 
States’  Internet.  Not  only  would 
such  reengineering  be  extremely 
costly  it  would  also  relegate  the 
United  States  to  second-  or  third- 
class  status  in  Internet-related 
technological  innovation. 

As  I  mentioned  in  passing  last 


week,  the  same  FCC  orders  (see 
www.nwdocfinder.com/3926  and 
/3929)  extending  the  Communica¬ 
tions  Assistance  for  Law  Enforce¬ 
ment  Act  (CALEA)  (see  www.nw 
docfinder.com/3928)  to  Internet 
service  providers  and  enterprise 
networks  also  extend  the  legisla¬ 
tion  to  interconnected  VoIP  ser¬ 
vice  providers.  By  interconnected, 
the  FCC  means  a  VoIP  service  that 
connects  calls  to  and  from  tele¬ 
phone  networks. 

A  new  report  (see  www.nwdoc 
finder.com/4034)  from  the  Infor¬ 
mation  Technology  Association 
of  America  (ITAA)  examines  the 
security  implications  of  applying 
CALEA  to  VoIP  I  do  not  know 
much  about  the  ITAA  and  did 
not  learn  much  from  its  Web  site 
(www.itaa.org)  other  than  its 
claim  to  be  “the  nation’s  leading 
information  technology  (IT) 
trade  association.”  But  I  do  know 
—  or  at  least  know  of  —  many  of 


the  report’s  authors:  a  very  im¬ 
pressive  collection  of  security 
and  Internet  experts  indeed 
(see  www.nwdocfinder.com/ 
4035). 

The  report  explains  VoIP  and 
why  it  is  not  your  father’s  phone 
network.  In  your  father’s  phone 
network  —  after  it  had  been  re¬ 
engineered  at  great  cost  but  with 
little  user  visibility  —  wiretap¬ 
ping  is  done  quite  easily  by  func¬ 
tions  within  the  phone  switches. 
When  VoIP  runs  over  the  Internet, 
however,  it  does  not  follow  the 
same  model  at  all. 

For  example,  instead  of  voice  ex¬ 
changes  running  through  phone 
switches,  in  VoIP  the  voicecarry¬ 
ing  data  packets  run  directly 
between  the  two  phones  engaged 
in  the  call.The  path  these  packets 
take  often  has  little  in  common 
with  the  path  taken  by  the  packets 
used  to  start  and  stop  the  call.The 
path  voice  packets  take  is  general¬ 


ly  through  routers  not  under  the 
control  of  the  VoIP  provider.  Even 
if  those  routers  were  equipped  to 
perform  wiretapping,  they  would 
not  know  what  traffic  to  intercept. 
Another  difficulty  not  mentioned 
in  the  report,  is  that  traffic  paths  in 
the  Internet  are  almost  always 
asymmetric  —  traffic  in  different 
directions  takes  different  paths. 
This  means  there  are  very  few 
places  in  the  network  where  an 
intercept  would  get  the  whole 
conversation. 

Of  course,  you  could  reengi¬ 
neer  the  Internet  in  the  United 
States  to  keep  this  from  happen¬ 
ing.  Not  only  would  that  cost  an 
astronomical  amount,  but  it  also 
would  destroy  the  ability  of 
Internet  users  to  create  applica¬ 
tions.  I’m  sure  the  phone  compa¬ 
nies  would  love  to  help,  as  such 
an  Internet  would  be  their  dream 
network.  I  say  “in  the  United 
States,”  because  there  is  no  rea¬ 


son  to  think  that  much  of  the  rest 
of  the  world  is  dumb  enough  to 
destroy  the  innovative  power  of 
the  Internet  just  to  enable  wire¬ 
tapping  —  which  might  wind  up 
not  being  all  that  useful,  because 
the  real  bad  guys  would  encrypt 
their  communications.  There  is  a 
lot  more  in  this  report,  and  1  rec¬ 
ommend  it  highly  Too  bad  the 
FCC  will  likely  ignore  what  it  has 
to  say. 

Disclaimer:  Ignoring  Harvard  is 
what  some  people  do  as  a  hobby. 
But  the  above  is  my  opinion  to 
ignore,  not  Harvard’s. 

Bradner  is  a  consultant  with 
Harvard  University's  University 
Information  Systems.  He  can  be 
reached  at  sob@sobco.com. 

SECURITY 

Subscribe  to  our  free  newsletter. 
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system  requirements,  maximize  performance,  and  reduce  costs.  It  also  ensures  that  data  movement  is  transparent  and  nondisruptive  at  all  times.  It's  all  part 
of  our  Application  Optimized  Storage™  solutions  and  our  commitment  to  being  your  Partner  Beyond  Technology.  To  learn  more,  visit  www.hds.com/tiered 
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Speed  of  Life 

Internet.  Voice.  Entertainment  -  All  at  Once.  Anywhere. 


WRT300N  Wireless-N  Broadband  Router 


Life  moves  fast.  You  have  to  multitask  every  day.  Now 
there's  a  wireless  network  that  can  keep  up  with  the 
speed  of  life.  A  Wireless-N  network  from  Linksys  lets  you 
surf  the  web,  enjoy  high  definition  video,  listen  to  digital 
music,  and  make  Internet  phone  calls  -  all  at  the  same 
time  anywhere  throughout  the  home  or  office. 

•  Up  to  4X  the  range  for  whole-home  coverage  that  virtually 
eliminates  dead  spots. 

•  Up  to  1 2X  the  speed  of  the  older  Wireless-G  standard. 

•  Compatible  with  existing  Wireless-G  and  -B  products. 

•  Easy  to  install  and  easy  to  use.  Set  it  and  forget  it. 


Linksys.  Nobody  makes  networking  easier! 

For  more  information  on  the  new  Linksys 
Wireless-N  products,  visit  www.Linksys.com, 
or  call  1-800-737-7201. 
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Linksys  is  a  registered  trademark  or  trademark  of  Cisco  Systems,  Inc.  and/or  Its  affiliates  in  the  U.S.  and  certain  other  countries. 
Wireless-N  The  Speed  of  Life  Logo  is  a  trademark  of  Linksys.  Copyright  ©  2006  Cisco  Systems,  Inc.  All  rights  reserved. 
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■  PRODUCTS,  SERVICES  AND  STRATEGIES  FOR  TYING  TELEWORKERS  TO  THE  ENTERPRISE 

Telecommuting  backlash 

As  laptop  thefts  and  data  breaches  mount,  telework  advocates  defend  work-at-home  plans. 


BY  ANN  BEDNARZ 

When  a  Department  of  Veterans  Affairs 
analyst  lost  a  laptop  to  burglars, some  point¬ 
ed  the  finger  saying  the  theft  was  a  knock 
against  telework. 

But  the  analyst  whose  laptop  was  stolen 
from  his  house  was  not  a  teleworker,  just 
someone  who  took  work  home  with  him. 
It’s  a  perfect  example  of  how  people  rush 
to  blame  telework,  says  consultant  Gil  Gor¬ 
don  of  Monmouth  Junction,  N.J.  Because 
the  burglary  occurred  at  home,  people 
assumed  the  analyst  was  a  telecommuter 
and  by  association  assumed  that  telework¬ 
ing  puts  sensitive  data  at  greater  risk  of 
theft  or  loss. 

“If  that  computer  had  been  stolen  out  of 
his  car  when  he  stopped  on  the  way  home 
from  the  office  at  the  dry  cleaners,  hypo¬ 
thetically,  no  one  would  have  mentioned 
the  word  telework.  But  because  it  was  taken 
from  his  home,  then  all  of  a  sudden  it  is  in¬ 
ferred  that  it’s  a  work-at-home  problem, and 
that’s  just  nonsense,”  Gordon  says,“The  only 
people  who  want  to  make  that  argument 
are  people  who  have  it  in  for  telework  and 
don’t  believe  it  will  ever  work.” 

Despite  growing  acceptance, telework  still 
has  such  detractors.’The  No.  1  challenge  is 
cultural  inertia.  It’s  motivating  the  middle 
managers,  teaching  them  a  new  way  of 
doing  work,”  says  Steve  O’Keeffe,  executive 
director  of  Telework  Exchange.  “It’s  the 
Luddite  mentality  that  we  need  to  change.” 

The  Luddite  mentality  isn’t  hard  to  find  in 
federal  agencies.  Law  requires  agencies  to 
make  telework  arrangements  available  to 
government  employees  whose  jobs  can  be 
done  from  home,  but  many  are  woefully 
behind  in  implementing  telework  pro¬ 
grams.  Telework  remains  the  exception  in 
most  federal  agencies,  and  overall  the  gov¬ 
ernment  lags  well  behind  private  industry 
in  terms  of  adoption. 

To  speed  things  up,  lawmakers  including 
Rep.  Frank  Wolf  (R-Va.)  have  proposed  fi- 
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Fmd  an  appropriate  personal  firewall  for  your  tele¬ 
workers.  Check  out  our  on-line  Buyer's  Guide 
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Telework  expansion 

The  number  of  telecommuter 
households  will  exceed  10  million 
by  2010,  according  to  IDC. 

Businesses  with  telecommuters  by  company  size: 

Small  businesses  (One  to  99  employees) 

•  Have  telecommuters:  34.8% 

•  Mean  number  of  telecommuters:  3.2 
Midsize  businesses  (100  to  999  employees) 

•  Have  telecommuters:  68.3% 

•  Mean  number  of  telecommuters:  23 
Large  businesses  (1,000  or  more  employees) 

•  Have  telecommuters:  78.8% 

•  Mean  number  of  telecommuters:  130.5 


nancial  penalties  for  agencies  that  resist 
teleworking.  For  two  years  Wolf  has  inserted 
language  in  spending  bills  requiring  such 
agencies  as  NASA  and  the  Commerce, 
Justice  and  State  departments  show  an  in¬ 
crease  in  the  number  of  federal  workers 
telecommuting  or  forfeit  $5  million  each. 

President  Bush  and  top  administrators 
also  have  championed  telework  as  a  vital 
part  of  business-continuity  plans,  particular¬ 
ly  as  agencies  prepare  for  a  potential  flu 


BY  GRANT  GROSS,  IDG  NEWS  SERVICE 

Even  as  some  U.S.  government  agencies 
embrace  telecommuting  as  a  way  to  keep 
operating  during  emergencies,  significant 
resistance  from  managers  holds  back  some 
agencies,  telecommuting  experts  said  re¬ 
cently 

For  government  agencies  to  fully  see  tele¬ 
commuting  as  a  benefit,  top  managers  need 
an  attitude  change, said  Wendell  Joice,head 
of  the  U.S.  General  Services  Administration’s 
governmentwide  telework  team. 

“We  are  hampered  by  constantly  having 
to  beg  and  plead,”  said  Joice,  speaking  at  a 
conference  focused  on  improving  telework 
acceptance  among  government  agencies. 

Telework  advocates  say  it  can  provide 
government  agencies  and  private  compa¬ 
nies  several  benefits,  including  a  way  to  re¬ 
motely  continue  operations  during  a  na- 


pandemic.  Also  driving  telework  interest 
and  promotion  are  increasing  gas  prices, 
traffic  congestion  and  housing  costs. 

Yet  years  of  telework  advocacy  can’t  ob¬ 
viate  the  latest  crop  of  data  breaches.  In 
addition  to  the  Veterans  Affairs  incident  — 
which  compromised  personal  information 
for  26.5  million  people  —  several  other  re¬ 
cently  disclosed  data  breaches  have  raised 
concerns  about  how  employees  access 
data  when  they’re  away  from  the  office. 

Thieves  stole  a  laptop  from  an  Ernst  & 
Young  employee  that  had  information 
about  more  than  240,000  Hotels.com  users. 
TheYMCA  in  Providence, R.I., also  lost  a  lap¬ 
top  to  thieves  with  personal  information 
related  to  65,000  members.  Other  organiza¬ 
tions  that  lost  data  along  with  laptops 
recently  include  Humana  and  the  Internal 
Revenue  Service. 

Data  losses  shouldn’t  slow  telework 
progress,  but  there  is  a  lesson  to  be  learned, 
telework  advocates  say  “There’s  significant 
ambiguity  in  the  policies  associated  with 
handling  and  managing  sensitive  but 
unclassified  data,”  O’Keeffe  says.  Not  just  for 
teleworkers  but  for  all  office  workers,  he 
points  out. 

The  recent  thefts  are  a  wake-up  call  that 
companies  need  to  do  more  to  protect 
their  data,  agrees  Chuck  Wilsker,  president 


tional  disaster  or  terrorist  attack.  Telecom¬ 
muting  also  could  ease  the  Washington, 
D.C.,  area’s  legendary  traffic  problems,  re¬ 
duce  pollution  and  increase  worker  pro¬ 
ductivity  advocates  say 

But  some  government  managers  seem 
unconvinced  about  the  benefits  and  their 
ability  to  supervise  teleworkers,  said  James 
Lewis,  senior  fellow  and  director  of  the 
Technology  and  Public  Policy  Program  at 
the  Center  for  Strategic  and  International 
Studies.  Some  managers  also  will  question 
studies  suggesting  teleworkers  are  more 
productive,  he  said. 

Ongoing  cybersecurity  concerns  about 
telecommuting  can  be  fixed  with  the  right 
equipment  and  software,  said  representa¬ 
tives  of  RSA  Security,  a  cybersecurity  ven¬ 
dor,  and  iPass,  a  wireless  security  vendor. 

“1  don’t  want  to  dismiss  the  managers 


and  CEO  of  the  Telework  Coalition.“I  would 
love  to  have  been  a  fly  on  the  wall  and  seen 
a  whole  bunch  of  people  in  the  last  couple 
of  weeks  scurrying  back  to  the  office  with 
their  disks  and  proprietary  information  that 
they  shouldn’t  have  taken  out, ’’Wilsker  says. 

The  benefits  of  telework  to  employers  and 
employees  remain  as  strong  as  ever,  but  so 
is  the  need  for  security  “If  you’re  careless, 
there  are  going  to  be  consequences,” 
Wilsker  says. 

In  recent  studies  the  Telework  Coalition 
has  found  that  most  organizations  with  tele¬ 
work  programs  don’t  have  formal  policies 
in  place,  Wilsker  says.  Creating  a  formal, 
written  telecommuting  policy  that  covers 
employee  eligibility,  and  addresses  how 
enterprise  data  and  customer  information 
will  be  stored  and  handled,  for  example, 
can  improve  operations.“There’s  a  need  for 
formality’  he  says. 

Employees  will  continue  to  require 
greater  flexibility  and  agility  and  compa¬ 
nies  need  to  deal  wisely  with  the  trend, 
O’Keeffe  says. 

“Increased  mobility  is  very  clearly  the  way 
of  future.  To  try  and  check  that  would  be 
quixotic.  What  we  have  to  do  is  make  sure 
we’re  training  people,  educating  people 
and  changing  our  culture  to  be  more 
secure,”  O’Keeffe  says.  ■ 


who  have  concerns  here,”  Lewis  said.“What 
do  we  need  to  do  to  make  them  happy?” 

In  May  the  U.S.  Government  Accountabil¬ 
ity  Office  released  a  report  saying  only  nine 
of  23  agencies  surveyed  reported  they  had 
plans  in  place  for  essential  workers  to  tele¬ 
commute.  Only  one  agency  has  told  its 
emergency  team  members  about  telework 
expectations  during  a  disaster. 

Under  legislation  passed  by  Congress  in 
2000,  federal  agencies  are  required  to  offer 
telecommuting  as  an  option  to  eligibie  em¬ 
ployees,  but  Congress  can’t  force  agencies 
to  speed  up  their  plans,  said  J.T.  Griffin,  leg¬ 
islative  aide  to  Rep.  Frank  Wolf  (R-Va.)  and 
a  telework  advocate.H 
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Barriers  remain  for  U.S.  govt,  telecommuters 
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Florida  Guardian  ad  Litem  Saw  the  Future  of  Child  Advocacy. 


Citrix  Provided  Access. 


“Custody  rulings.  Foster  care.  Adoptions.  Our  founding  vision  was  to  give  every  abused 
and  neglected  child  in  Florida  a  strong  advocate  in  court.  Two  years  later,  we’re  well  on 
our  way.  Today,  program  staff,  attorneys  and  over  5,000  volunteers  represent  more 
than  27,000  children.  Instead  of  information  in  file  drawers  scattered  all  over  the  state, 
Citrix  software  gives  advocates  secure  access  to  our  case  management  system  from 
anywhere.  Resources  are  precious,  so  we  must  apply  them  wisely,  not  waste  time 
chasing  data.  These  kids  depend  on  us.  That’s  why  we’re  depending  on  Citrix  to  take 
us  the  rest  of  the  way  to  advocate  for  every  Florida  child  in  need.  ” 


JOHNNY  C.  WHITE 
CIO 

Florida  Guardian  ad  Litem  Program 


Access  your  future  today  at 
citrix.com. 
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for  an  SSL  VPN? 

^  Or  maybe  you  need  a 
wireless  LAN  security  system? 
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The  Network  World  Security  Buyer’s 
Guide  is  the  one  and  only  place 
you’ll  need  to  hit  to  get  detailed  data 
on  the  products  offered  in  each  of 
these  competitive  markets.  We’ve 
built  the  industry’s  most  in-depth 
Security  Buyer’s  Guide  -  comprising  thousands  of 
details  on  hundreds  of  products  in  more  than  20 
specific  security  market  segments.  All  the  data  is 
searchable  according  to  your  network’s  needs. 

[>)  Check  it  out  today, 
www.nwdocfinder/4027. 
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Providers  cast  wider  anti-phishing  net 

Proliferation  of  services  similar  to  explosive  growth  of  anti-spam  industry. 


BY  CARA  GARRETSON 

it’s  easy  to  see  how  phishing,  the  illegal 
practice  of  using  e-mail  to  extract  sensitive 
information  from  unsuspecting  users,  is 
becoming  mainstream:  Count  the  number 
of  messages  in  your  in-box  that  purport  to 
be  from  eBay 

You  also  could  tally  the  number  of  ser¬ 
vices  on  the  market  designed  to  protect  in¬ 
boxes  from  these  malicious  e-mails. 

According  to  the  Anti-Phishing  Working 
Group,  in  March  there  were  18,480  inci¬ 
dents  of  phishing  reported.  In  April  that 
number  dipped  slightly  to  17,490,  then 
rebounded  to  an  all-time  high  of  20,109 
in  May  Much  like  the  anti-spam  market 


Short  Takes 


■  Cogent  Communications  s 

expanding  its  network  in  North 
America  and  Europe.  The  ISP  is 
offering  its  Ultra-High  Bandwidth 
Internet  access  services  in  Phoenix, 
Buffalo,  N.Y.,  and  Milan,  Italy.  In  60 
days,  Cogent  says  it  also  will  expand 
its  service  reach  to  Zurich  and 
Montreal.  The  ISP  is  offering  one 
month  of  free  Internet  access  ser¬ 
vice  in  these  markets.  With  these 
new  markets  Cogent  offers  dedi¬ 
cated  Internet  access  services  in 
95  markets  in  14  countries. 

■  Verizon  has  filed  a  lawsuit 
against  Vonage  Holdings  that 
alleges  infringement  of  patents 
relating  to  VoIP  technology.  The  suit 
identifies  seven  patents  that  Vonage 
allegedly  infringed  on.  Vonage  says  it 
believes  its  services  have  been 
developed  with  its  own  proprietary 
technology  and  technology  licensed 
from  third  parties  and  intends  to 
defend  itself  vigorously  against  the 
lawsuit.  Vonage  says  it  has  engaged 
its  outside  intellectual-property 
counsel  to  investigate  the  matter. 
The  news  sent  Vonage's  beleaguered 
stock  tumbling  an  additional  11.7% 
early  last  week. 


that  exploded  earlier  this  decade,  the 
number  of  security  companies  with  ser¬ 
vices  designed  to  protect  people  from 
phishing  attacks  has  grown  rapidly  over 
the  past  few  years. 

Compounding  the  problem  is  the  fact 
that  phishing  can  do  serious  financial 
damage  to  consumers  and  corporations. 
While  spam  carries  its  own  costs  in  terms 
of  bandwidth,  e-mail  storage  and  lost  pro¬ 
ductivity,  phishing  attacks  can  extract  data 
that  is  sometimes  so  sensitive  it’s  impossi¬ 
ble  to  put  a  price  tag  on  it  (intellectual 
property  for  example). 

Making  matters  worse  is  the  fact  that 
phishers  have  enough  financial  incentive 
to  develop  complex,  obscure  networks  of 
zombie  PCs  to  do  their  phishing  that  they 
are  staying  one  step  ahead  of  vendors. 

“No  one  vendor  can  catch  all  the  phish¬ 


ing  attacks,”  not  even  AOL, 
which  does  the  best  job  of 
protecting  its  subscribers, 
says  Avivah  Litan,  vice  presi¬ 
dent  and  research  director 
at  Gartner. 

Nonetheless,  the  security 
market  is  responding.  Anti¬ 
phishing  products  designed 
for  consumer  use  have  been 
available  for  a  few  years, 
such  as  tools  from  AOL  and 
EarthLink  that  help  protect 
their  subscribers  from  the 
threat.  Protection  for  enter¬ 
prises  has  taken  longer  to 
evolve  —  perhaps  because  phishing  has 
been  viewed  as  a  consumer  problem  — 
but  today  many  security  vendors  offer 
phishing  protection  either  by  blocking 


malicious  e-mail  from 
entering  users’  in-boxes, 
or  by  halting  access  to 
URLs  that  are  known 
phishing  sites.  While  such 
features  are  touted  by 
makers  of  Web-  and 
e-mail-filtering  software 
and  appliances,  some  say 
the  most  effective  way  for 
enterprises  to  prevent 
phishing  is  through  a 
hosted  service  that  never 
lets  the  dangerous  e-mail 
onto  a  corporate  network 
to  begin  with. 

Many  of  the  established  companies 
that  host  e-mail  security,  such  as 
AppRiver,  MessageLabs,  Microsoft  (for- 
See  Anti-phishing,  page  38 


Scam  sites 

The  number  of  new 
phishing  Web  sites 
continues  to  increase. 

January 

9,715 

February 

9,103 

March 

9,666 

April 

11,121 

May 

11,976 

EYE  ON  THE  CARRIER 

Johna  Till  Johnson 


I  recently  caught  the  movie  “8  Below;”  the 
story  of  a  team  of  sled  dogs  that  are  aban¬ 
doned  and  subsequently  rescued  by  sci¬ 
entists  in  Antarctica.  It’s  about  as  silly  as  it 
sounds  —  perfect  summer  fare,  particu¬ 
larly  for  those  younger  than  age  10. 

I  loved  it,  of  course.  But  then,  I’m  a 
sucker  for  movies  in  which  the  National 
Science  Foundation  plays  a  starring  role 
(the  rescue  team  is  funded  by  the  NSF). 
You  see,  from  what  I  can  tell,  the  NSF  is 
one  of  the  few  organizations  that’s  fight¬ 
ing,  er,  doggedly  to  reverse  one  of  the 
most  worrying  trends  in  science  and 
engineering:  the  R&D  funding  crisis. 

As  noted  previously  in  this  column  (see 
www.nwdocfinder.com/4063  and  /4064) 
healthy  R&D  funding  is  key  to  a  healthy 
economy.  Despite  some  bright  spots, 
however,  R&D  funding  in  this  country  is 
in  serious  trouble. 

First,  the  good  news:  After  years  of  flat¬ 
lining  and  downright  decreases,  the  NSF’s 
2007  budget  increased  a  whopping  7.8% 
over  2006,  adding  $439  million  to  top  out 


The  R&D  funding  crisis 


at  $6  billion.  Better  still,  some  $16  million 
of  that  funding  is  earmarked  for  profes¬ 
sional  development  of  teachers  and  sci¬ 
ence  educators,  and  $803  million  is  part  of 
the  NSF’s  involvement  in  Networking  and 
Information  Technology  Research  and  De¬ 
velopment  (NITRD),  a  multiagency  initia¬ 
tive  that  seeks  to  ensure  U.S.  leadership  in 
networking  and  information  technologies 
by  investing  in  long-term  scientific  and 
engineering  research. 

NITRD,  funded  by  the  American  Com¬ 
petitive  Initiative,  was  announced  by 
President  Bush  in  January;  it  earmarks 
some  $1.3  billion  in  new  federal  funding 
plus  an  additional  $4.6  billion  in  R&D  tax 
incentives  toward  scientific  R&D,  educa¬ 
tion  and  worker  training. 

It’s  all  great  stuff.  But  there’s  a  catch:  One 
of  the  reasons  the  feds  are  investing  more 
heavily  in  R&D  is  that  the  private  sector  is 
investing  less.  The  NSF  estimates  that  pri¬ 
vate-sector  funding  has  dropped  by  18% 
from  2001  to  2003  (the  last  year  in  which 
statistics  are  available).  And  to  be  clear: 
70%  of  annual  U.S.  R&D  funding  —  $220 
billion  per  year  —  comes  from  the  private 
sector.  (See  www.nwdocfinder.com/4065 
for  these  and  other  statistics.) 

The  bottom  line?  Single-digit  increases 


in  federal  R&D  investment  —  however 
laudable  —  can’t  make  up  for  double¬ 
digit  decreases  in  private-sector  R&D 
investment.  Tech  companies  are  among 
those  that  have  cut  back  most  heavily:  In 
recent  years  HR  Lucent,  Microsoft  and 
Sun  all  have  announced  decreases  in 
R&D  spending. 

It’s  hard  to  fault  them.  Markets  reward 
companies  with  lean  operations,  not  those 
plowing  money  into  investments  that  may 
not  pan  out.  (Some  of  my  investment- 
analyst  buddies  have  been  grumbling  that 
Microsoft’s  still  spending  too  much  on 
R&D.)  Companies  that  don’t  invest  heavily 
—  think  Cisco  or  Apple  —  find  it  less 
expensive  and  easier  to  cull  top 
researchers  from  other  companies  (or 
academia)  than  to  build  their  own  labs. 

Yet  innovation  is  the  lifeblood  of  the 
future  economy  —  which  is  why  govern¬ 
ment  investment  is  so  critical.  Hats  off  to 
the  folks  at  the  NSF  And  let’s  hope  they’re 
ready  to  run  another  rescue  mission:  sav¬ 
ing  U.S.  R&D  investment. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 
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Anti-phishing 

continued  from  page  37 

merly  Frontbridge),  Fostini  and 
Symantec  have  tuned  their  filters 
that  catch  unwanted  commercial 
e-mails  to  flag  phish  also. Turning 
to  anti-spam  service  providers  for 
protection  from  phishing  makes 
sense  for  enterprises,  because  the 


approaches  to  spotting  the  two 
are  similar,  says  one  analyst. 

Anti-phishing  “is  definitely  part 
of  the  same  technology”  as  spam 
catching,  says  Richi  Jennings, 
lead  analyst  with  Ferris  Re¬ 
search. “Its  the  same  sort  of  rules 
and  heuristics  used  to  spot 
phishing  messages  [as  spam 
messages],  but  they  are  subtly 


but  importantly  different.” 

“Technically  speaking,  phishing 
is  just  a  form  of  spam,  where  the 
call  to  action  for  the  recipient 
just  happens  to  be  a  lot  worse 
than  clicking  through  to  some 
site  selling  herbal  Viagra,”  echoes 
Andrew  Lochart,  Postini’s  senior 
director  of  marketing.  There  are 
nuances  Postini  looks  for  in 


inbound  e-mails  —  how  the  URL 
linking  to  the  fraudulent  site  is 
displayed  in  messages,  how  the 
SMTP  conversation  took  place 
among  servers  —  to  help  spot 
phishing  attacks. 

Despite  the  dangerous  nature 
of  phishing  and  its  alarming 
growth  rate,  few  customers  are 
asking  specifically  for  protection 
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from  this  threat;  instead,  they  see 
it  as  part  of  the  entire  e-mail  secu¬ 
rity  package,  he  says.  “Customers 
understand  that  phishing  is  a 
type  of  spam;  they’re  saying  they 
need  help  with  all  the  garbage” 
being  sent  over  the  Internet  these 
days,  Lochart  says. 

Not  only  does  it  make  sense 
from  a  technical  standpoint  to 
get  phishing  protection  from 
e-mail  security  vendors,  but  one 
hosted  service  user  says  it  also 
makes  life  easier. 

“If  you  find  a  service  that  works 
for  you  and  you’re  happy  with 
the  return,  and  the  company 
you’re  working  with  can  offer  an 
additional  service,  clearly  that’s 
an  easy  call,” says  Frank  Gillman, 
director  of  technology  with  law 
firm  Allen  Matkins  in  Los 
Angeles,  which  uses  Microsoft 
Exchange  Hosted  Services  to 
protect  its  500  users  from  e-mail 
threats.  “If  we  noticed  more 
phishing,  we’d  look  to  supple¬ 
ment  what  [Microsoft]  is  doing, 
but  based  on  the  tests  we’ve  run, 
that’s  not  the  case.” 

It  would  be  even  simpler  to  get 
phishing  protection  directly 
from  the  corporate  ISP  and  ser¬ 
vice  providers  including  AT&T, 
Sawis  Communications,  Sprint 
and  Verizon  Business  have 
begun  bundling  e-mail  security 
into  their  offerings.  These  ISPs 
typically  resell  the  services  of 
companies  such  as  Postini  and 
MessageLabs,  claiming  an 
advantage  because  enterprises 
would  have  one  less  service 
provider  to  deal  with  and  often 
can  negotiate  a  better  price  with 
their  existing  provider. 

Some  say  it’s  the  responsibility 
of  ISPs  to  protect  their  cus¬ 
tomers  —  be  they  consumers  or 
corporations  —  from  phishing 
attacks.  Those  service  providers 
who  do  it  well  will  be  rewarded 
by  customer  loyalty,  one  analyst 
says. 

“Frankly,  it’s  not  the  role  of  a 
corporation  to  stop  phishing 
attacks;  they  don’t  have  that 
reach,”  Gartner’s  Litan  says.  “That 
is  the  job  of  the  ISP  and  it’s 
becoming  a  competitive  edge.”B 


nww.com 

Anti-spam  Buyer's  Guide 

Find  detailed  information  on  more  than 
100  anti-spam  products.  Check  out  our 
online  Buyer's  Guide 

www.nwdocfinder.eom/4039 
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TECHNOLOGY  UPDATE 

■  AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 


Protocol  measures 


IP  performance 

HOW  IT  WORKS:  TWAMP 

Two-Way  Active  Measurement  Protocol  (TWAMP)-enabled  devices  cooperate 
to  measure  IP  performance  without  requiring  dedicated  probes  or  proprietary 
protocols.  - 


Q  The  performance  management  system  instructs  the  network  element  to  set  up  performance- 
measurement  sessions  with  selected  TWAMP-enabled  devices. 

B  The  network  element  initiates  and  completes  the  TWAMP  measurement  sessions. 

H  The  two-way  IP  performance  measurements  are  collected  and  stored  in  a  central  database  by  the 
performance  management  system. 


BY  KAYNAM  HEDAYAT 

Measuring  the  performance  of  IP  net¬ 
works  through  the  use  of  standard  proto¬ 
cols  has  always  been  a  challenge.  The 
inventors  of  IP  provided  some  tools, such  as 
Internet  Control  Messaging  Protocol  ping, 
Traceroute  and  User  Datagram  Protocol 
(UDP)  Echo,  as  part  of  the  TCP/IP  suite  of 
protocols.  However,  these  tools  were  not 
intended  to  conduct  overall  performance 
measurements  but  were  designed  for  sim¬ 
ple  troubleshooting  of  IP  networks.  As  a 
result,  there’s  a  need  for  standards-based, 
effective  performance-monitoring  tools 
within  enterprise  networks. 

Adding  flexibility 

The  IETF  aims  to  fill  that  need  with  a  new 
draft  standard  developed  by  the  organiza¬ 
tion’s  IP  Performance  Metrics  working 
group.  The  Two-Way  Active  Measurement 
Protocol  (TWAMP)  defines  a  flexible 
method  for  measuring  round-trip  IP 
performance  among  any  two  devices  in  a 
network  that  support  the  standard.  With 
TWAMP  enterprise  IT  managers  can  effec¬ 
tively  measure  the  complete  IP  perform¬ 
ance  of  underlying  transport  through  coop¬ 
eration  between  network  elements  that 
have  already  been  deployed. 

In  the  past,  protocols  were  proprietary 
As  such,  there  was  no  interoperability 
among  devices  from  multiple  vendors. 
This  approach  worked  well  for  equipment 
providers,  as  it  forced  their  IT  customers 
to  purchase  and  deploy  their  products 
throughout  the  network. 

TWAMP  provides  operators  of  large 
enterprise  networks  a  flexible  choice  of 
solutions  and  full  visibility  into  network 


performance  via  interoperability  among 
all  devices  deployed  in  their  networks.  It 
works  by  measuring  core  and  edge  IP 
performance  through  cooperation 
between  the  routers  and  switches  in  the 
network. 

Any  two  endpoints  can  interoperate  and 
therefore  obviate  the  need  for  managers 
to  deploy  systems  with  closed  proprietary 
protocols  for  measuring  performance. 

TWAMP  Architecture 

TWAMP  defines  two  sets  of  protocols:  one 
for  setting  up  performance-measurement 
sessions,  called  the  control  protocol,  and 
another  for  transmission  and  reception  of 
performance-measurement  probes. 

The  control  protocol  enables  endpoints 
to  negotiate  and  start  a  performance¬ 
monitoring  session. The  protocol  for  trans¬ 
mission  and  reception  of  probes  that  mea¬ 
sure  performance  defines  the  packet  for¬ 
mat  that  is  needed  for  measuring  round- 
trip  performance.This  part  of  the  protocol 
is  designed  to  accommodate  hardware- 
based  implementations  in  order  to 
offload  local  CPUs  during  performance- 
measurement  sessions. 

The  TWAMP  architecture  is  composed  of 
several  entities  that  are  responsible  for  start¬ 
ing  the  monitoring  session  and  exchanging 
packets.  TWAMP  defines  different  entities 
for  flexibility  and  some  of  them  can  be  col¬ 
located  for  ease  of  implementation. 

TWAMP  Light 

The  TWAMP  control  protocol  provides 
a  flexible  way  to  set  up  monitoring  ses¬ 
sions  and  exchange  information 
between  transmitter  and  receiver  of 


monitoring  packets.  In  such  scenarios,  it 
is  possible  to  eliminate  the  need 
for  some  of  the  entities  in  TWAMP  This 
simplified  architecture  is  defined  as 
TWAMP  Light  within  the  standard. 

TWAMP  Light  is  designed  to  help  imple¬ 
ment  the  standard  for  entities  that  act  as 
active  responders  to  TWAMP  controllers 
within  the  network,  thereby  enabling  the 
measurement  of  two-way  IP  performance 
from  anywhere  in  the  network. 

Standards-based  performance  mea¬ 
surement  protocols  are  needed  within 
large  enterprises  to  create  an  ecosystem 


where  IP  performance  metrics  are 
obtained  through  cooperation  among 
network  elements. 

Through  the  use  and  deployment  of 
TWAMP  enterprises  can  avoid  the 
costly  deployment  of  performance- 
management  systems  with  proprietary 
protocols  while  effectively  measuring 
the  IP  performance  of  their  network  at 
all  locations. 

Hedayat  is  vice  president  of  engineering 
and  CTO  of  Brix  Networks.  He  can  be 
reached  at  khedayat@brixnet.com. 


We  want  to  install  our  own  bug-tracking  sys¬ 
tem.  What  does  it  take  to  get  Bugzilla  up  and 
running? 

Bugzilla  (www.bugzilla.org)  requires  a  Web  server, 
Perl,  MySQL  or  PostgreSQL  and  a  Sendmail- 
compatible  mail  program  to  use  all  Bugzilla's  fea¬ 
tures.  Recent  versions  can  run  on  Windows  systems 
without  too  much  trouble,  but  inbound  mail  is  not  sup¬ 
ported.  To  install,  download  the  latest  release  and 
unpack  it  in  the  Web  directory  you  want  it  to  run  from 


(instructions  are  in  the  QuickStart  file  and  docs 
directory).  Run  the  checksetup.pl  script  —  at  the  end 
of  the  output  will  be  a  list  of  required  Perl  modules, 
along  with  command  lines  that  need  to  be  executed. 
After  installing  the  required  modules  and  prerequisite 
programs  listed  in  the  checksetup.pl  output,  edit  the 
file  named  "localconfig"  in  the  Bugzilla  directory 
(instructions  are  in  the  script  output).  Then  add  a 
database  instance  named  "bugs"  and  a  user  named 
“bugs"  to  your  MySQL  configuration  using  the  mysql 
command-line  client  or  any  MySQL  management  soft¬ 


ware,  and  rerun  the  checksetup.pl  script  to  create 
the  MySQL  database  tables  and  initial  Bugzilla  home 
page  file.  Log  on  to  your  Bugzilla  site  using  the 
administrator  name  and  password  defined  in  the 
localconfig  file  and  adjust  the  site  parameters  in  the 
administration  menu,  and  you  should  have  a  running 
bug-tracking  system. 

Blass,  a  network  architect  at  Change@\Vork  in 
Houston,  can  be  reached  at  dr.internet@changeat 
work.  com. 
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Real  tools  for  real  geeks 


Tools  are  a  big  deal  here  at  the 
Gearhead  Underground  Test  Bunker 
and  Sausage  Factory  —  our  motto 
(stolen  from  Otto  von  Bismarck): 
“Laws  are  like  sausages,  it  is  better 
not  to  see  them  being  made.” 

When  we  write  “tools”  we  mean,  not 
just  software  tools  but  real  tools, 
because  when  it  comes  to  moving 
equipment  or  data  centers,  having 
the  right  tools  is  the  difference 
between  getting  a  really  nice  result 
and  getting  something  that  looks  like 
it  was  mangled  by  a  herd  of  wild  buffalo. 

A  tool  we  received  a  sample  of  some  time  ago  and  have 
grown  to  love  is  the  Bionic  Wrench  from  Loggerhead  Tools 
(www.nwdocfinder.com/4067).This  is  a  wrench  with  a  dif¬ 
ference:  It  is  infinitely  adjustable,  like  your  regular 
adjustable  wrench  —  but  far  more  effective. 

When  you  squeeze  the  grips  a  clever  arrangement  of 
cams  extends  six  jaws  to  grip  a  nut  or  bolt  head.  Because 
the  bolt  head  is  completely  surrounded,  as  long  as  you 
hold  the  grips  firmly  you  can’t  remove  the  edges  of  the  bolt 
you’re  struggling  with.  You  also  stand  a  lot  less  chance  of 
stripping  the  skin  from  your  knuckles,  as  often  happens 
when  a  regular  adjustable  wrench  loses  its  grip. 

The  six-inch  version  can  grip  1/4-  to  9/ 16-inch  SAE  bolts 
and  also  7mm  to  11mm  metric  bolts,  the  8-inch  version 
handles  from  7/16-  to  3/4-inch  and  11mm  to  20mm  bolts, 


and  the  10-inch  version  accommodates  3/4-  to  1-1/4-inch 
and  19mm  to  30mm  bolts. 

The  only  limitation  of  the  Bionic  Wrench  is  that  the  clear¬ 
ance  around  the  bolt  you’re  working  on  can  be  no  smaller 
than  2  inches  for  the  6-inch  model  and  3  or  4  inches  for  the 
other  models. 

Priced  at  $28.95,  $32.95  and  $36.95  for  the  6-,  8-  and  10- 
inch  models  respectively  the  Bionic  Wrench  is  guaran- 

Tools  are  a  big  deal  here  at  the 
Gearhead  Underground  Test 
Bunker  and  Sausage  Factory. 

teed  forever  or  until  the  heat  death  of  the  universe, 
whichever  comes  first. 

The  company  also  recently  produced  an  open-ended  ver¬ 
sion  of  the  Bionic  Wrench  called  the  Bionic  Grip  (see 
www.nwdocfinder.com/4068). 

Another  cool  real  tool  that  landed  on  our  bench  was  the 
Dremel  Stylus.The  Dremel  Rotary  Tool  is  one  of  those  tools 
you  just  have  to  have,  and  the  Stylus  is  its  cool  brother. 
Unlike  the  regular  Dremel,  the  Stylus  (www.nwdoc 
finder.com/4069)  is  cordless. 

Powered  by  a  lithium-ion  battery  the  Stylus  has  a  pistol 
design, which  makes  it  more  maneuverable  and  gives  more 
precise  control.You  select  the  rotational  speed  using  a  dial 
on  one  end  of  the  Stylus;  on  and  off  are  controlled  by  a 
latching  switch  at  the  front  end. 


We  really  like  this  tool.  We  had  an  aluminum  2U,  rack¬ 
mounted  server  enclosure  that  we  needed  to  modify  so 
we  could  route  some  cables  more  elegantly.  The  Stylus 
was  the  easiest  tool  with  which  to  drill  and  deburr  the 
holes.  The  Dremel  Stylus  comes  with  a  docking  and 
recharging  station,  a  selection  of  bits,  and  a  two-year  war¬ 
ranty  for  around  $67  to  $70. 

Our  final  real  tool  is  another  Dremel  product:The  Dremel 
Work  Station  Model  220.  If  you  own  a  Dremel  Rotary  Tool 
275, 285, 295, 300, 395, 398, 400, 780  or  800,  the  Work  Station 
converts  it  into  a  drill  press,  a  tool  holder  for  polishing  and 
grinding,  or,  if  you  use  a  flex  shaft,  a  hanger  for  the  tool. 

As  a  drill  press  the  Work  Station  lets  you  drill  perpen¬ 
dicular  as  well  as  angled  holes  in  15-degree  increments 
up  to  90  degrees  horizontal  with  a  maximum  drill  depth 
of  2  inches. 

When  we  built  our  networked  irrigation  system  back  in 
’04  (see  www.nwdocfinder.com/4070),  it  would  have 
been  much  easier  to  use  our  Dremel  400  in  the  Work 
Station  than  our  drill  press,  which  was  too  large.  Since 
we’ve  had  the  Work  Station  we’ve  found  all  sorts  of  uses, 
from  drilling  holes  in  printed  circuit  boards  (a  timer  for  a 
smoke  machine  —  what  every  home  needs  on 
Halloween)  to  grinding  pieces  in  an  old  Crane  valve  stem 
dating  from  the  1940s.  (No,  it  didn’t  work  —  those  old  fit¬ 
tings  get  really  fragile.) 

So,  what  cool  real  tools  are  you  using  ?  Empty  your  tool  box 
on  Gibbsblog  or  at  gearhead@gibbs.com. 


GEARHEAD 

INSIDE  THE 
NETWORK 
MACHINE 

Mark  Gibbs 


The  scoop:  MouseTalk,  from  Sony  about  $80 
What  it  is:  A  USB  mouse  with  the  Vaio  branding,  this  peripheral 
also  opens  up  to  become  a  Skype-certified  handset  (or  other 
VoIP  software  application).  When  used  as  a  mouse,  it  operates  as  a  three-button 
mouse  with  800-dot-per-inch  resolution.  When  opened  up  to  become  a  VoIP 
handset,  the  scroll  button  can  be  used  to  mute  calls  or  raise  and  lower  the  vol¬ 
ume.  Other  voice  features  are  echo  cancellation  and  a  blue  LED  that  indicates 
incoming  calls. 

Why  it’s  cool:  Because  I  love  when  two  seemingly  differ¬ 
ent  technologies  converge  into  one  device,  I  was  fascinat¬ 
ed  by  the  combination  of  VoIP  handset  and  mouse.  This 
device  is  meant  for  mobile  workers  who  travel  and  want  the 
portability  of  a  travel  mouse  and  a  VoIP  handset  without  car¬ 
rying  two  devices.You  also  can  use  the  device  as  a  hands-free 
speakerphone  by  opening  the  clamshell  halfway. 

Some  caveats:  Once  you  open  the  clamshell  device  to  use 
it  as  a  phone,  you  lose  the  ability  to  mouse  around; 
you  need  to  start  your  phone  calls  first,  then 
open  the  device.  As  a  handset,  the  hard  plastic 
becomes  uncomfortable  on  your  ears  after  a 
while,  and  the  sound  quality  was  lower  than  that  of 
other  Skype-enabled  handsets  I’ve  tried. This  should 
only  be  used  when  traveling,  because  the  size  and 
portability  are  excellent  —  as  an  office  or  home 
phone/mouse,  there  are  better  options. 

Sony's  MouseTalk  combines  Grade:  ★★★* 
a  mouse  and  a  VoIP  handset.  (out  of  five) 


Manage  your  serial  devices 
via  Bluetooth  with  the 
BlueConsole2. 


The  scoop:  Blue- 
Console2,  serial-to- 
Bluetooth  adapter, 
from  BlueConsole, 
about  $130 

What  it  is:  A  serial-to-Blue- 
tooth  adapter,  it  converts  a 
serial  port  to  Bluetooth,  so 
you  can  connect  from  a  mobile 
device  to  manage  or  configure  any 
serial  device. 

Why  it’s  cool:  Laptops  rarely  have  serial  ports  anymore,  so  you’ve  probably  been 
using  a  serial-to-USB  dongle  when  you  need  to  talk  to  the  console  port  of  a  device. 
The  folks  at  BlueConsole  have  a  better  idea:  Get  out  of  the  cold,  noisy  badly  lit  com¬ 
puter  room  and  use  Bluetooth  instead.  The  BlueConsole2  weighs  less  than  an 
ounce,  is  about  the  same  size  as  a  9-volt  battery  and  acts  as  a  serial-to-Bluetooth 
adapter.  Sit  at  your  desk  (as  long  as  you’re  within  Bluetooth  range,  about  30  feet  or 
so),  and  manage  wirelessly. The  BlueConsole2  is  especially  cool  because  it  draws 
power  from  the  serial  port,  which  means  you  don’t  need  a  power  brick.  For  devices 
without  enough  power,  a  9-volt  adapter  lets  you  attach  a  battery  to  the  end.  We 
tested  our  device  with  Mac  OS  X,  Windows  and  a  Symbian  cell  phone.  We’re  never 
going  back  to  that  old  USB-to-serial  console  cable! 

Roving  Networks  also  sent  us  two  of  its  Bluetooth-to-serial  adapters,  the 
BluePort  II  and  the  BluePort  XP  The  XP  solves  the  power  problem  with  an  inter¬ 
nal  battery.  An  external  power  adapter  can  charge  the  XP  when  the  internal  bat¬ 
tery  runs  down. 

Grade:  ★★★★V 

Special  Cool  Tools  Correspondent  Joe!  Snyder  contributed  to  this  report.  Shaw 
can  be  reached  at  kshaw@nww.com.  New  Cool  Tools  Video  Show  every  Thursday 
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Application,. 

A  reriormance 


Poor  application  performance  is  a  problem 
with  which  many  IT  departments  are  all  too 
familiar.  An  August  2003  study  by  Network 
World  and  Racketeer  found  that  more 
than  60%  of  the  IT  respondents  had 
experienced  significant  application  per¬ 
formance  degradation  -  a  number  that 
climbed  to  nearly  85%  for  companies  with 
revenues  exceeding  $1  billion. 

This  problem  has  negative  effects 
throughout  a  business,  from  reduced 
employee  productivity  to  increased 
customer  dissatisfaction  and  loss  of 
business.  It  also  significantly  reduces  IT 
department  efficiency,  as  staff  members  are 
repeatedly  pulled  away  from  development 
projects  to  troubleshoot  performance 
issues. 

Why  monitor  application 
performance? 


sure  that  new  applications  won't  introduce 
performance  bottlenecks  before  rolling 
them  out." 

A  major  northeastern  commercial  bank 
values  good  application  performance 
because  it  maintains  end  users'  productivi¬ 
ty  -  so  when  problems  do  occur,  the  bank 
needs  to  troubleshoot  them  efficiently.  "We 
were  spending  a  minimum  of  20  hours  a 
month  -  sometimes  up  to  two  or  three 
weeks  -  trying  to  diagnose  the  cause  of 
application  slowdowns,"  says  a  network 
engineer.  "We  just  didn't  have  the  staff  to 
keep  doing  that."  A  particular  problem, 
he  notes,  was  trying  to  determine  if  a 
slowdown  was  a  network  issue  or  a  server 
issue.  "When  our  network  team  thought  it 
was  a  server  problem,  the  server  team 
would  often  claim  it  was  a  network  prob¬ 
lem,"  he  said.  "It  was  difficult  to  pinpoint 
the  exact  trouble  spot." 


Companies  have  many  reasons  for 
monitoring  application  performance. 

A  major  insurance  company  wanted  to 
proactively  track  compliance  with  service 
level  agreements  (SLAs).  The  company  also 
wanted  to  test  how  infrastructure  changes 
(such  as  consolidating 
servers)  would  affect 
end-user  response 
times,  as  well  as  reduc¬ 
ing  troubleshooting 
time  by  seeing  exactly 
what  was  happening  at 
the  time  a  problem 
occurred. 

A  large  financial  services  company  consid¬ 
ers  good  application  performance  to  be  an 
end  in  itself.  "Efficient  operation  of  our 
networked  applications  is  a  key  element  in 
attaining  our  corporate  vision,"  says  the 
company's  IT  manager.  "In  addition  to 
delivering  high  levels  of  performance  to  our 
large  user  base,  we  need  to  make 


Fluke  Networks  SuperAgent 
to  the  rescue 

All  three  of  these  companies  have  found 
that  Fluke  Networks'  SuperAgent 
Application  Performance  Analyzer  provides 


accurate,  detailed  insight  into  end-user 
response  times  throughout  the  enterprise. 
As  a  result,  IT  staff  can  quickly  determine 
whether  a  problem  is  network,  application, 
or  server  related  and  can  rapidly  resolve  the 
issue. 

For  example,  according  to  the  insurance 
company's  IT  manager,  "SuperAgent  helps 
us  better  serve  our  end  users  by  being 


"When  our  network  team  thought  it  was  a 
server  problem,  the  server  team  would  often 
claim  it  was  a  network  problem.  It  was 
difficult  to  pinpoint  the  exact  trouble  spot." 

-  Network  engineer  from  a  major  commercial  bank 


Solving  Application  Performance  Problems 

A  Proactive  Approach 


proactive  with  appli¬ 
cation  performance 
issues  -  and  being 
able  to  more 
effectively  baseline 
application  perform¬ 
ance  helps  us  ensure 
that  we  meet  our 
established  Service 
Level  Agreements  for 
transaction  times." 

When  problems  do 
arise,  he  notes  that  SuperAgent  "can  mean 
the  difference  between  a  one-hour  slow¬ 
down  and  a  one-day  slowdown." 

The  financial  services  company  has  found 
that  SuperAgent  helps  with  everything  from 
service  level  management  to  resolving 
performance  issues  to  capacity  planning. 
The  solution  also  has  virtually  eliminated 
finger  pointing  and  wasted  cycles.  "Before, 
we  could  easily  spend  four  hours  trying  to 
determine  the  cause  of  the  problem,"  says 
the  director  of  network  operations.  "With 
SuperAgent  monitoring  the  network  core, 
we  can  identify  the  trouble  cause  in  about 
15  minutes."  As  a  result,  development 
teams  spend  their  time  creating  and 
deploying  needed  applications  rather  than 
being  bogged  down  resolving  problems. 

The  commercial  bank  finds  that 
SuperAgent's  performance  monitoring 
capabilities  make  the  IT  department  more 
proactive,  identifying  and  resolving 
problems  before  users  are  even  aware  of 
them.  The  tool's  enhanced  troubleshooting 
capabilities  save  them  at  least  20  hours  a 
month  -  plus  it  has  made  a  big  difference 
in  the  relationship  between  the  network 
and  server  teams,  replacing  finger  pointing 
with  cooperation.  "Now  the  server  team 
comes  to  us  when  they  have  a  problem  and 
asks  us  to  monitor  their  servers,"  says  a 
network  engineer.  "We  also  get  requests  for 


troubleshooting  help  from  other  business 
groups  in  the  main  office.  They  all  think 
SuperAgent  is  fantastic  -  they  are  over¬ 
whelmingly  impressed  with  its  reports." 
He  also  describes  a  case  where  slow  per¬ 
formance  of  a  vendor-hosted  application 
was  causing  a  department  to  fall  behind  in 
its  work.  SuperAgent  identified  the  vendor's 
server  as  the  source  of  the  problem,  and  the 
vendor  -  who  hadn't  previously  been  aware 
of  the  difficulty  -  was  able  to  quickly  fix  it. 

The  bank  is  so  impressed  with  SuperAgent 
that  it  soon  will  be  performing  full  server 
monitoring,  with  reports  on  server  avail¬ 
ability  and  alerts  when  utilization  levels 
exceed  a  fixed  percentage.  It  will  also  use 
SuperAgent's  results  to  set  up  SLAs  with 
its  branch  offices,  so  it  can  demonstrate 
compliance  with  agreed-upon  availability 
and  uptime  figures.  "We  just  couldn't  do 
any  of  this  without  SuperAgent,"  concludes 
the  bank's  network  engineer. 

For  more  information  about  application 
performance  management  solutions 
visit  www.flukenetworks.com/APM 
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l~mil  NEWSLETTER  SHOWCASE:  IT  careers  and  training 

Work  experience  vs.  certifications 


BY  LINDA  LEUNG 

In  response  to  the  newsletter, 
“Do  certifications  carry  as  much 
weight  as  they  used  to?”  I  asked 
readers  whether  employers  are 


less  demanding  of  certifications. 
One  reader  responded  with  a 
question  of  his  own: 

“I  have  been  working  in  IT  for 
more  18  years  and  have  found 


that  certs  do  help  when  it  comes 
to  qualifications.  However,  experi¬ 
ence  of  five-plus  years  may  help  if 
you  don’t  have  or  only  have  the 
‘minor’  certifications.  Most  firms 


will  hire  a  certified  professional 
without  any  experience  over  an 
individual  with  years  of  experi¬ 
ence.  I  pose  a  scenario  to  you: 

“Position  Available  for  a  Network 


How  many  tools  do  you  use  to 
Certify,  Identify,  Configure  &  Document 
your  Ethernet  network? 

(That’s  too  many  1) 


Introducing  Validator-NT 


The  All-in-One  Network  Management  Tool 


CONFIGURE  links  between  nodes  at  Gigabit  speed. 

Check  IP  addresses  on  netmask,  Gateway/routers  and  domain 
name  servers.  Confirm  links  between  equipment  for  changes 
or  upgrades. 


DOCUMENT  the  network  with  the  included  powerful 
Plan-Um  '  software.  Create  layouts  of  offices/premises  or  import 
existing  Visio/AutoCAD  drawings.  Show 
cables  and  equipment  they  connect  to  in 
physical  locations.  Print  out  layouts  and 
corresponding  Cable  Test  Schedules.  The  Network 
Tool  section  of  Plan-Um1"  allows  you  to  create  a  complete 
topology  layout  of  the  network  for  on-site  reference,  showing 
connections,  equipment  and  cable  pathways.  You  can  add  notes  to  each 
component  of  the  network  for  future  add,  changes,  and  move  legacy  information. 


Powerful  Plan-Urn™ 
software  included 


Everything  you  need  to  Test,  Trace  and  Tune  your  Ethernet  Network. 


NT955 
MSRP  only 
$1495.00 


Test-Um  Inc. 

The  Intelligent  Test  Solutions  Company 

805-383-1500  •  FAX  805-383-1595  •  www.test-um.com 


CERTIFY  individual  Ethernet  cable  runs  up  to 
1  Gigabit  Speed  per  IEEE802.3  specifications. 

Test  for  TIA568  Interconnect  problems.  Determine 
fault  locations,  cable  length  and  delay  or  noise 
conditions.  Produce  and  print  cable  test  schedules 
and  cable  test  results.  Qualify  lines  for  VoIP  usage. 


IDENTIFY  active  components  of  your  network  on 
the  other  end  of  the  cable.  Identify  all  types  of  equipment 
and  port  service  discovery  with  advertised  speed  ratings 
and  DHCP  negotiation.  Access  IP  addresses,  ping  equipment 
and  flash  hubs/switches  for  positive  port  location. 


4"  color  LCD  screen 

Lithium/ion  battery 
provides  8  continuous 
hours  of  use 

Unlimited  flash 
card  memory 


Technician/Administrator.  Three 
people  apply  for  this  position. 
Applicant  No.l  has  10-plus  years 
experience  as  an  admin  but  has 
no  certs.  Applicant  No.  2  has  five- 
plus  years  as  an  admin,  with 
CompTIA’s  A+,  Network  +,  Secur¬ 
ity-1-  &  Server-t-  certifications.  Appli¬ 
cant  No.  3  has  one  year  of  experi¬ 
ence  as  network  technician  and 
holds  an  NT  4  MCSE  +  Internet 
certification.  Who  do  you  think 
the  company  is  going  to  hire?” 

James  Del  Monte,  president  of 
staffing  firm  JDA  Professional  Ser¬ 
vices,  says:  “Having  formal  educa¬ 
tion  or  certification  is  always  bet¬ 
ter  than  not  having  it.  It  shows  that 
there  is  a  base  line  of  knowledge 
and  gives  comfort  to  those  who 
may  not  have  the  technical  skills 
to  truly  qualify  a  candidate’s  tech¬ 
nical  ability  Having  relevant  expe¬ 
rience  is  always  better  than  no  ex¬ 
perience.  So  the  ideal  person  has 
the  formal  training  required  for 
the  position  as  a  base  line  and 
enough  experience  to  do  the  job. 
The  irony  is  that  larger  companies 
are  less  concerned  about  certifi¬ 
cations  and  more  interested  in  ex¬ 
perience;  however  the  larger  com¬ 
panies  are  more  willing  to  pay  for 
their  employees  to  get  or  maintain 
their  certifications.” 

Karen  Person,  regional  manag¬ 
ing  director  of  Texas  for  Spherion, 
identified  applicants  No.  1  and  No. 
2  to  be  in  the  running  for  the  posi¬ 
tion.  "We  are  finding  more  clients 
are  looking  for  people  who  have 
experience  in  similar  [IT]  envi¬ 
ronments.  The  right  fit  from  a  cul¬ 
ture  perspective  is  important  . . . 
candidates  who  know  how  to 
work  well  within  the  unique  envi¬ 
ronment  of  the  company  and  the 
specific  team.  Team/peer  inter¬ 
views  are  playing  a  major  role  in 
hiring  decisions  today’ she  says. 

“While  holding  certifications 
is  gaining  momentum,  it  is  not  the 
end-all  solution.  Many  people  are 
deciding  to  get  certified  in  differ¬ 
ent  programs  to  advance  their 
career, "she  says.  ■ 
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E-MAIL  NEWSLETTER  SHOWCASE:  Wide-area  networking 

Insanely  paranoid  about  voice  quality 


BY  STEVE  TAYLOR 
AND  JIM  METZLER 

Last  time,  we  continued  a  dis¬ 
cussion  of  what  happens  in  an 
MPLS  network  if  defined  traffic 
levels  are  exceeded  so  that  some 
packets  need  to  be  dropped.  In 
particular,  we  stated  that  there  is 
a  belief  that  —  to  a  certain  extent 
—  it  is  better  to  drop  a  few  voice 
packets  than  to  deliver  it  late.The 
reason  behind  this  phenomenon 
is  that  modern  packet  voice  algo¬ 
rithms  are  designed  with  the 
assumption  that  some  packets 
will  be  dropped. 

The  fact  that  “never  is  better 
than  late”  led  to  the  usage  of  User 
Datagram  Protocol  (UDP)  for  the 
transport  of  voice  traffic.  (Of 
course,  TCP  is  preferred  for  the 
voice  control  because  of  the 
need  for  assured  delivery.) 

But  this  also  leads  to  an  inter¬ 
esting  question.  Over  the  years, 
we’ve  become  almost  insanely 
paranoid  about  voice  quality 
and  dropped  packets.  The 
obsessive  assumption  has  been 
that  voice  always  should  have 
priority  over  data.  And  we’re 
going  to  assert  that  this  simply  is 
not  true.  Why? 

Data  —  essentially  without 
exception  —  has  a  way  to  recover 
from  lost  packets.  Today,  this  is 
typically  accomplished  via  TCP 

However,  until  we  have  intelli¬ 
gent  discard  of  packets,  drop¬ 
ping  data  packets  can  wreak 
havoc  on  performance.  In  most 
cases,  the  protocol  is  a  “go-back- 
n”  protocol. 

For  instance,  if  you  have  an 
outstanding  window  size  of 
eight  packets,  five  packets  are 
unacknowledged,  and  the  first 
of  the  five  packets  is  discarded, 
then  that  packet  and  the  four 
following  packets  must  be 
retransmitted.  Further,  if  the  dis¬ 
carded  packets  are  from  sepa¬ 
rate  sessions,  then  the  effect  is 
multiplied. 

The  net  effect  is  that  dropping  a 
few  voice  packets  probably  will 
have  no  affect  on  network  perfor- 
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mance.  However,  dropping  data 
packets  could  cause  a  flood  of 
retransmissions. 

So  there  really  are  two  indepen¬ 
dent  actions  taking  place  here. 

On  the  one  hand,  voice  packets 


need  to  have  the  highest  priority 
and  go  to  the  front  of  the  queue 
for  minimizing  delay.  But  if  there 
is  no  room  at  the  front  of  the 
queue,  then  robbing  bandwidth 
from  data  applications  could  be 


counterproductive. 

Next  time  we’ll  look  at  an  even 
better  way  of  prioritizing  data. 

Taylor  is  president  of  Distributed 
Networking  Associates  and  pub¬ 


lisher/editor-in-chief  of  Web- 
torials.  He  can  be  reached  at  toy 
lor@webtorials.com.  Metzler  is 
vice  president  of  Ashton,  Metzler 
&  Associates.  He  can  be  reached 
at  jim@ashtonmetzler.com. 


N-TRON  gives 
you  more  ways 
to  monitor  your 
Industrial 
Ethernet 
network 


Introducing  N-TRON’s  9000  Series  GbE 
Industrial  Switch  with  Advanced  Monitoring 
to  bridge  the  gap  between  IT  and  the  Factory 

N-TRON®  manufactures  a  unique  product  that 
bridges  the  domain  between  IT  and  the  Factory 
as  far  as  network  monitoring  software  needs  are 
concerned.  Our  9000  Series  provides  plug-and- 
play  SNMP  and  Web  Browser  monitoring  for  IT, 
and  fully  compliant  OPC/HMI  monitoring  for  the 
Factory,  all  in  a  ruggedized  steel  enclosure  that  is 
capable  of  withstanding  rigorous  environmental 
conditions. 


•  Hardened  Environmental  Specifications 

•  Extended  Temperature,  Shock, 
Vibration,  and  High  Noise  Protection 

•  High  MTBF  >1M  Hours 

•  Redundant  Power  Inputs 

•  High  Availability 

•  Plug-and-Play  Advanced  Monitoring 

•  Full  SNMP  and  Web  Browsing  for  IT 

•  Full  OPC  Compliance  for  the  Factory 

•  Four  Slot  Mix  and  Match  Modular  Switch 

•  Six  Port  10/IOOBaseTX  Modules 

•  Two  or  Four  Port  100BaseFX  Modules 

•  Two  Optional  Gigabit  Fiber  Ports 

•  Standard  Managed  Switch  Features 

•  IGMP,  Link  Aggregation,  Port  Control, 
Port  Mirroring,  IEEE  802.1  D, 

802.1  p  QoS,  802.3,  802.3u,  802.3x, 

802. 1w  RSTP,  802.1  Q  VLAN,  SNMP, 
and  Web  Browsing 


Visit  us  on  the  web  @  www.n-tron.com  or  call  (251)  342-2164 
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Key  to  innovation 

Cisco  CEO  John  Chambers  recently  identified  collabora¬ 
tion  as  a  business  driver  for  the  next  10  years,  and  par¬ 
ticipants  in  IBM’s  2006  CEO  survey  concur. 

Of  the  765  CEOs  interviewed  for  the  study  65%  say  “they 
will  have  to  make  fundamental  changes  in  their  businesses 
over  the  next  two  years,”  writes  IBM  CEO  Samuel  Palmisano. 
“New  products  and  services  remain  a  priority  but  they’re 
placing  increasing  emphasis  on  differentiating  themselves 
through  innovation  in  the  basics  of  their  business  models.” 

Collaboration  is  cited  as  a  key  enabler  of  innovation. 
Surprising,  however,  is  the  list  of  people  expected  to  collabo¬ 
rate.  While  the  CEOs  say  employees  are  the  most  significant 
source  of  innovative  ideas,  the  two  other  primary  sources  are 

Most  significant  sources  of  innovative  ideas 

Percentage  of  respondents  selecting 

Employees 
Business  partners 
Customers 
Consultants 
Competitors 

Associations,  trade  shows,  conference  boards 
Internal  sales  and  service  units 
Internal  R&D 

0  10  20  30  40  50 

Note:  Respondents  could  select  as  many  as  three  choices. 

business  partners  and  customers  (see  graphic). 

There  is  a  problem,  however.  Although  roughly  75%  of  the 
CEOs  rated  collaboration  of  great  importance  to  innovation, 
“only  half  the  CEOs  we  spoke  with  believed  their  organiza¬ 
tions  were  collaborating  beyond  a  moderate  level,”  the  report 
says.  IBM  calls  this  the  collaboration  gap, and  attributes  it  to 
skills,  expertise  and  interoperability  issues. 

The  study  also  identifies  a  gap  between  the  importance 
of  business  and  technology  integration  and  the  reality  of 
integration  today  And  although  almost  80%  of  the  CEOs 
would  agree,  only  about  45%  say  they  have  achieved  inte¬ 
gration  to  a  large  extent. 

Companies  that  have  managed  to  integrate  business  and 
technology  report  a  host  of  benefits,  the  top  being  reduced 
costs,  according  to  the  study  Interestingly  the  bulk  of  the  other 
benefits  have  to  do  with  driving  top-line  revenue  through 
such  things  as  higher  quality  and  customer  satisfaction,  over¬ 
all  speed  and  strategic  flexibility  and  faster  time  to  market. 

—  John  Dix 
Editor  in  chief 
jdix@nww.com 


Rootkits  and  responsibility 

Regarding  Mark  Gibbs’  BackSpin  column  “Of  rootkits 
and  personal  responsibility”  (see  www.nwdocfind 
er.com/4029):  My  opinion  is  that  any  program  that 
does  anything  without  my  permission  is  wrong. 
Granted,  I  may  not  know  every  specific  thing  that 
Windows  is  doing,  but  I  don’t  expect  it  to  be  sending 
e-mail  to  someone  without  my  permission. 

A  longtime  pet  peeve  of  mine  has  been  large  com¬ 
panies  (read:  Microsoft)  using  my  computer  for  their 
own  (and  other’s)  uses.  How?  The  cookie.  When  this 
first  came  to  light  years  ago,  I  asked, “How  is  it  that 
you  can  use  my  hard  disk  for  your  purposes?”  I 
wouldn’t  allow  my  insurance  company  to  come  into 
my  house  and  use  my  file  cabinet  for  information 
that  they  wanted  to  store  about  me.  Why  would  1 
allow  Microsoft  (and  others)  to  do  it? 

The  die  has  long  been  cast:  first  cookie,  now  root- 
kit.  What  will  be  next? 

George  Carey 
IT  specialist 
United  Coatings 
Spokane  Valley  Wash. 

Mark  Gibbs’  points  about  rootkits  are  valid  and 
well  made  —  with  one  conspicuous  exception. 
Placing  software  on  a  system  without  the  user’s 
express  consent  is  and  must  be  illegal.  It  is  not  a 
question  of  what  the  software  does;  the  fact  of  its 
insertion  into  a  foreign  system  is  the  actionable 
event. 

My  worry  is  that  concern  with  whether  or  not  the 
effect  of  such  software  is  good, bad  or  indifferent  will 
lead  us  to  a  useless  argument  over  whether  or  not 
such  an  installation  is  “good.”  Consider  this  rough 
analogy:  Breaking  and  entering  is  a  well-known 
crime.  If  I  break  into  a  person’s  house  without  his 
knowledge  to  remove  a  hazard  (say  a  bomb)  then  I 


am  guilty  of  breaking  and  entering.  I  may  argue  that 
there  should  be  no  punishment,  but  not  that  I  did 
not  break  in.  Sony  may  argue  that  it  shouldn’t  be 
punished,  because  its  installation  was  benign 
(though  I,  for  one, doubt  that), but  it  must  not  be  able 
to  say  that  what  it  did  was  legal. 

Ian  Leedom 
Milford,  Mass. 

As  Mark  Gibbs  notes,  it’s  not  rootkits  per  se  that  are 
bad,  but  what  they  do  without  us  knowing. 

I  repair  computers,  and  I  often  install  firewalls 
to  stop  spyware.  One  of  the  first  things  the  fire¬ 
walls  detect  is  all  the  legitimate  traffic  between 
common  software  and  their  vendors.  A  big  com¬ 
municator  is  Real  Player,  which  tends  to  install  a 
start-up  application  and  begins  talking  over  the 
Internet  even  before  your  browser  is  connected. 
Also  Windows  Media  Player  loves  to  talk  with 
Microsoft.  Are  they  discussing  digital  rights  man¬ 
agement,  assessing  your  music  collection  for  tar¬ 
geted  advertising  or  just  reporting  bugs?  Adobe 
products  also  like  to  send  messages.  Isn’t  it  inter¬ 
esting  when  non-Internet  applications  start  send¬ 
ing  Internet  messages  to  their  vendor-masters?  Of 
course,  it’s  all  legitimate,  isn’t  it?  You  clicked  the 
Agree  button  in  the  installer,  and  you  are  often 
required  to  use  these  common,  ubiquitous  appli¬ 
cations.  It’s  easy  to  be  critical  of  shady  vendors 
using  your  Internet  connection  but  harder  to  crit¬ 
icize  legitimate  vendors.  Thank  you  for  taking 
Sony  to  task. 

Fred  Pierre 
CEO 
Data  Doctor 
Kent,  Ohio 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  1 18  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 
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TOTALLY  UNPLUGGED 
Ira  Brodsky 


CACHE  ADVANCE 
Linda  Musthaler 


Steering  802.1  In  between  the  icebergs 


The  draft  802.1  In  standard  for  next-generation 
wireless  LANs  failed  to  garner  the  75%  of 
votes  required  for  adoption  at  last  month’s 
Task  Group  N  meeting.  This  was  expected.  Many 
diverse  companies  have  a  stake  in  this  standard, 
and  it  would  have  been  a  bigger  surprise  had  the 
draft  won  a  supermajority  on  the  first  ballot. 

However,  two  serious  problems  have  emerged. 
First,  the  draft  elicited  an  unprecedented  12,000 
comments,  many  requiring  careful  examination. 
This  could  delay  completion  of  the  802.1  In  stan¬ 
dard.  Second,  the  draft  doesn’t  guarantee  coex¬ 
istence  with  legacy  WLANs,  and  doesn’t  do 
enough  to  ensure  interoperability  between 

802.1  In  devices  from  different  manufacturers.  A 
standard  that  causes  interference  with  existing 
WLANs,  triggers  a  deluge  of  tech  support  calls 
and  generally  frustrates  users  in  mixed-vendor 
environments  is  worse  than  no  standard  at  all. 

Three  serious  technical  flaws  have  been  iden¬ 
tified  so  far: 

•  The  specification  does  not  define  an  access 
protocol  for  802.1  In’s  optional  extension  chan¬ 
nel,  which  doubles  the  bandwidth  to  achieve 
higher  data  rates.  A  separate  access  protocol  for 
the  extension  channel  would  enable  spectrum 
sharing  —  with  good  throughput  for  both 

802.1  In  and  legacy  802.1  la/b/g  WLANs. 


•  The  specification  does  not  take  into  account 
existing  2.4GHz  channel  spacing.As  now  defined, 

802.1  In  channels  are  spaced  20MHz  apart,  while 

802.1  Ib/g  channels  are  typically  spaced  25MHz 
apart.  When  802.1  In  uses  its  optional  extension 
channel  (channel-bonded  mode),  it  occupies 
40MHz.  There  is  a  good  chance  that  40MHz  par¬ 
tially  overlaps  any  nearby  legacy  WLANs  enough 
to  cause  interference  but  not  enough  to  allow 

If  the  industry  gets  802.1  In 
right,  we  could  see  an 
expanded  WLAN  market. 

orderly  sharing.The  problem  can  be  alleviated  by 
using  25MHz  channel  separation  for  access  con¬ 
trol  transmissions  and  selecting  default  channels 
aligned  with  the  existing  2.4GHz  band  channels. 

•  802.1  In  currently  defines  an  optional  green¬ 
field  preamble.  A  preamble  enables  different  de¬ 
vices  to  recognize  each  other.  Based  on  experi¬ 
ence  with  802.1  lb/g  standards,  mix_ing 
de_vices  that  look  for  the  preamble  with  devices 
that  don’t  adds  overhead  and  creates  interoper¬ 
ability  problems.  Either  making  the  preamble 
mandatory  or  removing  it  completely  would 
benefit  efficiency  and  QoS. 


Solutions  to  these  problems  are  rarely  perfect, 
because  interoperability  and  coexistence 
require  compromise.  But  the  proposed  solutions 
are  much  better  than  doing  nothing. 

Unfortunately  there  is  another  wrinkle.  In  an 
effort  to  obtain  a  time-to-market  advantage,  some 
vendors  forged  ahead  with  development  of 
chipsets  based  on  the  draft  specification.  They 
apparently  believed  the  draft  standard  was  mature 
enough  that  any  changes  in  the  final  specification 
could  be  handled  through  software  upgrades. 
Some  of  these  vendors  now  find  themselves  torn 
between  supporting  a  standard  that  best  serves 
users  and  one  that  maximizes  their  near-term 
return  on  investment  in  “draft  N”  silicon. 

The  802.1  In  standard  is  important  not  only 
because  it  enables  high-speed  applications  but 
also  because,  for  the  first  time,  it  permits  wireless 
networks  to  outperform  wired  networks.  If  the 
industry  gets  the  802.1  In  standard  right,  we 
could  see  a  vastly  expanded  market  for  WLANs. 
If  the  industry  gets  the  standard  wrong,  however, 
it  could  cause  costly  disruptions  and  a  loss  of 
confidence  in  the  WLAN  industry. 

Brodsky  is  president  of  Datacomm  Research  of 
St.  Louis.  He  can  be  reached  at  ibrodsky@data- 
commresearch.  com. 


Skilled-worker  shortage:  fact  or  fiction? 


For  several  years  we’ve  been  reading  news 
stories  about  the  impending  shortage  of 
skilled  IT  workers.  The  predictions  have 
been  fairly  dire:  As  baby  boomers  retire  and 
fewer  young  people  join  the  IT  workforce,  hun¬ 
dreds  of  thousands  of  U.S.jobs  will  go  unfilled.  IT 
projects  will  languish  because  companies  can’t 
find  the  workers  with  the  right  skills  to  staff  them. 
We’11  need  more  imported  workers  coming  in  to 
this  country  under  Hl-B  visas,  and  we’ll  have  to 
send  more  work  overseas  to  outsource  agencies. 
Baloney! 

There’s  no  shortage  of  smart,  employable  IT 
workers.There  is  a  shortage  of  flexible  employers 
who  are  willing  to  hire  people  who  don’t  match 
an  exact,  niche  profile  or  have  a  very  specific 
skill  or  type  of  experience.There  is  a  shortage  of 
companies  willing  to  invest  in  the  training  and 
development  of  enthusiastic  and  committed 
employees.  There  is  a  shortage  of  corporations 
that  see  their  employees  as  long-term  assets  and 
not  as  overhead  that  can  be  ditched  at  the  first 
hint  of  a  bad  quarter. There  is  a  shortage  of  orga¬ 
nizations  willing  to  implement  formal  mentoring 
and  internship  programs  that  will  help  the  next 
generation  of  employees  grow  into  the  labor 
force  for  the  long  haul. 

Too  many  employers  have  set  their  sights  on  the 
ideal  candidates  —  the  ones  who  come  with  the 
right  degrees  in  hand,  the  right  credentials  on  the 
resume  and  the  right  project  experience  under 
their  belt.  Heaven  help  the  candidate  who  lacks  a 
certification,  or  who  has  extensive  experience 


with  one  application  and  not  another.  He’ll  never 
get  noticed,  because  the  resume  screening  soft¬ 
ware  has  already  chucked  him  into  the  waste  bin. 
The  software  doesn’t  know,  of  course,  that  some¬ 
one  with  good  Windows  administration  skills  can 
learn  Linux  skills  to  become  the  new  Linux 
administrator  who’s  desperately  needed. 

A  recent  editorial  in  the  San  Jose  Mercury  News 
by  Christopher  Moylan,  a  lecturer  in  chemistry 
and  director  of  the  undergraduate  laboratories  at 
Stanford  University  made  me  stand  up  and  cheer 
(see  www.nwdocfinder.com/4028).  Moylan’s 

There’s  no  shortage  of 
smart,  employable  IT 
workers. 

story  is  about  scientific  and  engineering  jobs  in 
Silicon  Valley  where  he  lives,  but  the  same  can  be 
said  about  IT  jobs  across  this  country 
Moylan  accuses  companies  of  setting  them¬ 
selves  up  for  the  worker  shortage.  He  cites  exam¬ 
ples  of  firms  that  disgorged  tons  of  highly  skilled 
workers  during  the  economic  downturn  of  a  few 
years  ago.  While  many  of  these  workers  took 
lower-paying  jobs  in  different  fields,  their  former 
employers  scream  that  they  can’t  find  enough 
workers  today  At  the  same  time,  these  compa¬ 
nies  have  cut  pay  and  benefits,  and  eliminated 
the  notion  of  job  security,  making  it  less  likely 
that  college-bound  students  will  ever  want  to 
enter  the  fields  in  need  of  workers. 


My  household  has  personally  felt  the  paradox  of 
having  a  highly  skilled  and  capable  worker  re¬ 
main  underemployed  while  companies  cry  about 
needing  more  people  in  this  particular  field.  My 
husband  holds  a  degree  in  management  infor¬ 
mation  systems.  He  has  more  than  20  years  of 
experience  in  computer  programming,  systems 
analysis  and  design,  business  systems  integration, 
and  internal  controls  and  audit.  His  entire  career 
has  been  in  the  energy  industry  —  not  exactly  a 
dying  industry  His  education,  skills  and  experi¬ 
ence  would  make  him  the  ideal  candidate  to  lead 
a  Sarbanes-Oxley-inspired  compliance  project  at 
a  major  corporation.Yet  when  he  applies  for  jobs, 
he  hears  “you’re  overqualified”  or  “you  don’t 
have  a  Certified  Information  Systems  Auditor  cer¬ 
tification”  as  the  excuse  for  passing  him  over. 
These  companies  have  no  idea  about  the  high 
caliber  of  worker  they  have  just  overlooked. 

So  is  there  an  IT  skills  shortage?  Well,  it 
depends  on  how  narrowly  you  define  “skills."  If 
it  means  the  person  must  be  perfect  for  the  job 
on  Day  1 ,  then  maybe  we  do  have  a  shortage  of 
workers.  If  it  means  that  people  who  possess 
most  of  the  desired  qualifications  can  be  given 
some  training  and  a  bit  of  time  to  grow  into  the 
job,  then  no,  there’s  no  skills  shortage  —  just  a 
shortage  of  companies  with  the  patience  and 
wisdom  to  invest  in  their  workforce. 

Musthaler  is  vice  president  of  Currid  &  Company: 
a  technology  assessment  firm  in  Houston.  She  can 
be  reached  at  linda@currid.com. 
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_THE  INVASION 

_DAY  16:  These  servers  are  so  hot,  we’re  running  the  AC  at  full 
blast,  and  the  thermometer  is  still  pushing  140°  Had  to  relax 
the  dress  code  in  the  server  room.  No  choice.  It’s  towels  and 
flip-flops  until  we  get  this  heat  problem  under  control. 

_Gil  says  he’s  lost  a  lot  of  weight.  I  hadn’t  noticed. 

_DAY  17:  I  found  a  cooler  answer  to  our  heat  problem:  the  IBM 
BladeCenter®  with  Intel®  Xeon®  Processors  reduces  the  overall 
amount  of  power  required  by  the  system.  The  BladeCenter  is 
designed  to  respond  automatically  to  power  events  and  can  use 
up  to  37%  less  energy1.  Less  power.  Less  heat.  Less  money. 

Less  stress. 

_0h,  apparently  HR  had  a  problem  with  the  dress  code  but  couldn’t 
call  and  tell  us,  since  the  phones  had  melted. 
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Brocade  SilkWorm  4  Gbit/sec  SAN  Solutions 


The  industry's  most  comprehensive  family  of  4  Gbit/sec  SAN  solutions. 

Performance.  Scalability.  Affordability. 

The  Brocade®  SilkWorm®  family  of  switches  and  directors  is  the  most  comprehensive  line  of  4  Gbit/sec  SAN  solutions 
available  today.  These  innovative  solutions  give  you  a  performance  boost  to  improve  data  availability,  backup/restore 
operations,  and  overall  efficiency.  To  see  how  your  enterprise  can  benefit,  visit:  www.brocade.com/4GBITdesign  and 
download  the  free  white  paper  Designing  Next-Generation  SANs  with  Brocade  4  Gbit/sec  Solutions. 
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A  new  sheriff  in  town: 

Outbound  content  monitoring 

Network-based  monitoring  systems  protect  sensitive  data  leakage  by  examining 
packets  in  real  time,  detecting  violations  and  blocking  appropriate  outbound  traffic. 


BY  JOANNE  VANAUKEN 

IT’S  1 1 :32  ON  A  TUESDAY  MORNING:  Do  you  know  where  your  data  is? 

IT  organizations  have  learned  the  hard  way  that  leakage  of  confidential  infor¬ 
mation  —  whether  it  trickled  out  inadvertently  or  passed  through  in  a  calcu¬ 
lated  fashion  —  can  levy  heavy  damages  against  market  share  and  brand  rep¬ 
utation,  and  potentially  give  rise  to  civil  lawsuits  and  punitive  fines. 


The  danger  of  data  leakage  is  clear  and  present. 
Research  conducted  by  InfoPro  says  72%  of  enter¬ 
prises  surveyed  report  that  internal  security  threats 
pose  an  equal  or  greater  problem  than  external  risks. 


An  ability  to  prevent  disclosures,  or  at  least  manage 
them,  is  critical  to  complying  with  industry  and  govern¬ 
mental  regulations  and  guarding  brand  reputation. 

IT  executives  must  take  a  more  proactive 


approach  to  monitoring  and  securing  all  data  in 
motion.  Not  only  e-mail  but  all  forms  of  electronic 
communications  must  be  monitored  —  instant 
messages,  peer-to-peer,  telnet,  FTP  traffic,  automatic 
faxes,  posting  to  discussion  boards  and  online  busi¬ 
ness  transactions. 

Enter  a  slew  of  new  and  reconditioned  products 
geared  toward  blocking  sensitive  data  from  leaving  the 
corporate  network.Vendors  in  this  market  include 
Fidelis  Security  Systems,  Intrusion,  Palisade  Systems, 
PortAuthority  Technology  Proofpoint,  Reconnex,Tablus, 
Vericept  and  Vontu  (see  product  chart  below). 

These  vendors  have  developed  network-based  prod¬ 
ucts  that  can  monitor  data  in  motion  and  in  some 
cases,  data  at  rest.This  lets  an  organization  identify  data 
flow  patterns,  such  as  a  human  resources  department 
distributing  unsecured  employee  information  via 


Differentiating  content  filtering  (aka  data  leakage)  products 

In  our  survey  of  the  nine  vendors  in  this  market,  we  asked  them  nearly  200  questions,  aimed  at  helping  customers  differentiate  the  products  from  one  another.  The  full 
survey  is  available  at  DocFinder4062.  But  here  is  a  snapshot  of  how  each  vendor  says  its  product  deals  with  identifying  and  categorizing  what  corporate  documents 
should  or  should  not  be  flowing  outside  the  network. 


Fidelis  Security  Systems 

DataSafe 

Intrusion 

Compliance  Commander 

Palisade  Systems 

PacketSure 

Web  site 

www.fidelissecurity.com 

www.intmsion.com 

www.palisadesys.com/products/ 

Gan  documents  be  defined  based  on  categories  (including  internal  memos,  draft  press  releases, 
organizational  charts,  price  lists,  etc.)? 

Yes 

Expected  in  Q4  release. 

Yes,  utilizing  learning 

Can  documents  be  assigned  different  access  controls? 

Yes 

No 

No 

Can  system  be  “trained”  to  ignore  common,  nonconfidential  content  (organization’s  boilerplate)? 

Yes 

Yes 

Yes 

What  is  the  total  number  of  file/document  types  supported  by  the  product?  (Note:  Vendors  with  the  higher 
numbers  tend  to  count  multiple  versions  of  the  same  program  as  distinct  file  types.) 

73 

300+ 

295 

Does  the  product  have  built-in  templates  for  outgoing  messages  to  comply  with  governmental  regulations: 
Health  Insurance  Portability  and  Accountability  Act 

Yes 

Yes 

Yes 

Gramm-Leach-Bliley  Act 

Yes 



Yes 

Yes 

National  Association  of  Securities  Dealers 

No 

No 

Yes 

State  regulations  (such  as  California  AB 1950) 

Yes 

No 

Yes 

Canada’s  Personal  Information  Protection  and  Electronic  Documents  Act 

No 

No 

No 

Any  European  regulations 

No 

No 

No 

Can  the  product  identify  such  specific  data  elements  as  Social  Security  numbers,  account  numbers  and 
address  information  that  match  private  data  uploaded  from  an  organization's  database? 

Yes 

Yes 

Yes 

Can  the  product  identify  known  credit  card  number  patterns  associated  with  rngjor  credit  card  companies? 

Yes 

Yes 

Yes 

Can  the  product  learn  key  phrases  that  distinguish  private  from  public  documents? 

Yes 

No 

Yes 

What  is  the  price  of  the  product  for  a  7,500-user  network? 

Ranges  from  S40.000  to  395,000 

Starts  at  S7.950 

S34.000 

What  are  yearly  maintenance  costs? 

20%  of  list  price 

20%  to  25%  of  software  license  $6,800 

52  *  www.networkworld.com  •  6.26.06 


e-maii.  Fblicy-violation  alerts  can  be  sent  to  administra¬ 
tors,  the  sender  and/or  the  user. These  products  can 
quarantine  suspect  data  before  it  leaves  the  network,  so 
it  can  be  appropriately  reviewed  before  going  on  to  its 
destination. Suspicious  activity, such  as  an  employee 
e-mailing  marketing  plans  to  her  Hotmail  account  or 
another  employee  accidentally  copying  someone  on 
an  email  containing  customer  information,  can  be 
blocked  immediately. 

In  a  nutshell,  these  products  help  shield  an  organiza¬ 
tion  against  breaking  local  or  federal  privacy  laws,  vie 
lating  corporate  policies,  ignoring  email  best  practices, 
losing  intellectual  property  and  exposing  customer 
information.  In  addition  to  providing  a  final  security 
checkpoint,  these  products  can  be  used  as  a  training 
tool  to  teach  employees  how  to  protect  private,  sensi¬ 
tive  data  and  as  the  means  of  providing  evidence  that 
a  company  is  serious  about  data  privacy 

On  the  flip  side,  these  products  register  false  posi¬ 
tives,  miss  some  legitimate  policy  violations  and  — 
with  the  six-digit  price  tag  they  often  carry  —  can  be 
difficult  to  cost-justify. 

Savvy  companies  realize  that  proactively  managing 
and  protecting  intellectual  property  and  customer  data 
is  like  putting  money  in  the  bank,  says  IDC  security 
analyst  Brian  Burke. 

“It  not  only  reduces  the  possibility  of  legal  and  finan¬ 
cial  risk  but  also  helps  to  protect  and  safeguard  an 
organization’s  future  revenue,”  he  says. 

The  market 

One  of  the  difficulties  with  these  products  is  that  the 


industry  doesn’t  quite  know  how  to  classify  them. 

Gartner  analyst  Paul  Proctor  refers  to  these  wares  as 
“content  monitoring  and  filtering”  tools.  IDC  analyst  Dan 
Yachin  calls  them  “information  leakage  detection  and 
prevention”  products,  while  in  military  deployments  they 
are  referred  to  as  “extrusion  prevention  systems.” 

In  spite  of  the  confusion  over  the  product  category 
name,  Proctor  predicts  this  market  will  double  each 
year  for  the  next  two  to  three  years.  He  expects  an 
increase  in  shipments  from  both  start-ups  and  well- 
established  security  vendors. 

“The  market  for  these  solutions  is  relatively  immature, 
as  the  adoption  . . .  relies  on  organizations’  growing 
awareness  of  the  inside-out  threat, ’’Yachin  says. 

The  key  function  of  these  products  is  to  help  organiza¬ 
tions  comply  with  data  privacy  law  Their  niche  is  to 
guard  against  both  the  intentional  and  accidental  leak 
of  sensitive  data.The  underlying  technology  won’t  pro¬ 
vide  an  all-encompassing  answer  to  data  privacy  but  it’s 
a  key  ingredient  to  be  coupled  with  user  education, 
encryption  safeguards,  access-control  mechanisms,  phys¬ 
ical  security  and  incident  response  and  reporting  pro¬ 
cesses  inside  an  information  security  infrastructure. 

Some  users  view  these  products  as  potential  em¬ 
ployee-monitoring  tools,  providing  ways  by  which  an 
employer  could  infringe  upon  the  privacy  of  people 
sending  and  receiving  information.  But  vendors  are 
quick  to  say  that  spying  on  employees  is  not  a  prime 
objective. 

“Our  tool  is  not  used  as  Big  Brother  monitoring  but 
as  a  tool  to  educate  employees  about  what’s  occur¬ 
ring  on  the  network,”  says  Kevin  Cheek,  vice  president 


of  marketing  at  Reconnex,  maker  of  the  Reconnex 
inSight  Platform. 

Still,  it  would  be  wise  to  investigate  whether  these 
tools  violate  any  labor,  civil  or  criminal  laws  in  the 
country  where  they  are  implemented. 

The  Inner  Workings 

Most  of  the  vendors  in  this  space  primarily  attack 
the  data-leakage  issue  from  the  network  perimeter  as 
their  products  are  designed  to  sit  as  the  network’s 
edge  and  scan  multiple  communication  protocols 
used  for  applications  such  as  e-mail,  Web  browsing, 

IM  and  FTP  to  determine  whether  sensitive  content  is 
wrongly  communicated  outside  corporate  network 
boundaries.  A  monitor  that  typically  hangs  off  a  net¬ 
work  switch  captures  traffic  and  passes  information 
about  it  back  to  the  administrative  console  for  analy¬ 
sis  and  storage  purposes. 

In  addition  to  its  primarily  network-focused  monitor¬ 
ing, Vericept  offers  a  client-based  approach  that  lets 
network  policies  created  in  its  Vericept  360°  Risk  Man¬ 
agement  Platform  be  selectively  pushed  down  to  the 
desktop.  PortAuthority  and  Tablus  also  get  kudos  for 
having  both  network  perimeter  and  desktop  enforce 
ment  features  built  in  to  their  products. 

Most  organizations  initially  install  these  products  and 
run  them  for  several  months  in  a  simple  monitoring 
mode  (instead  of  immediately  blocking  threats)  to 
watch  employee  work  activities,  so  they  can  identify 
trends  that  will  assist  in  establishing  appropriate  poli¬ 
cies.  Many  products  offer  policy  wizards  that  help 
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PortAuthority  Technology 

PortAuthority 

Proofpoint 

Proofpoint  Protection  Server, 
Proofpoint  Messaging  Security 
Gateway,  Proofpoint  Network  Content 
Sentry 

Reconnex 

iGuard,  iController,  iManager 

Tablus 

Content  Alarm  NW 

Vericept 

Vericept  360 '  Risk  Management 
Platform 

Vontu 

Vontu  Enforce,  Vontu  Discover,  Vontu 
Protect,  Vontu  Monitor,  Vontu  Prevent 
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Ranges  from  $50,000  to  S150.000 

Ranges  from  $128,000  to  S160.000 

Ranges  from  S30.000  to  $100,000 

Starts  at  $75,000 

Company  declined  to  supply. 

Starts  at  $100,000 

i8%  of  cost 

All  maintenance  is  included  in  price. 

$15,000  per  appliance. 

18%  of  cost 

Company  declined  to  supply. 

Included  in  subscription  model.  For 

perpetual  license,  Standard  Support 
is  18%.  Premium  Support  is  22%  of 
license  costs  per  year. 


Join  Altiris  and  Dell  in  a 
Network  World  Webcast 
to  find  out  how. 


Network  growth  is  inevitable.  And 
it's  happening  at  a  rapid  pace. 

There  is  a  way  to  stay  on  top  of  it 
all  —  efficiently  and  cost-effectively. 
Configuration  Management  Databases 
(CMDB)  lets  you  centralize  all  hardware 
and  software  on  the  network  while 
providing  you  with  a  real-time  look  at 
what's  going  on  over  your  net. 

Learn  the  facts  behind  CMDB  and  how 
real-world  enterprises  are  benefiting 
from  this  centralized  approach. 

Go  to  http://www.networkworld.com/ 
CMDBwebcast  to  watch  this 
free  Webcast. 
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define  the  keywords  or  patterns  to  look  for  in  addition 
to  monitoring  for  specific  user  behavior,  such  as  alter¬ 
ing  certain  documents. When  these  attributes  are  used 
in  conjunction  with  policy  rules,  administrators  reduce 
the  risk  of  false  positives. 

Once  an  administrator  has  imported  specific  data  for¬ 
mats,  such  as  Social  Security  or  credit  card  numbers, 
into  these  products,  he  can  create  policies  that  will 
notify  him  whenever  data  has  left  the  corporate  net¬ 
work  with  those  numbers. 

For  example,  an  employee  sent  two  email  correspon¬ 
dences:  one  with  Social  Security  numbers  in  the  mes¬ 
sage  body  and  one  with  employees’  names  and  SSNs 
in  an  Excel  file.  Using  pattern  matching,  these  products 
should  capture  the  illegitimate  traffic  and  send  the 
appropriate  alerts. 

Several  products  also  have  built-in  and  customizable 
domestic  regulatory  compliance  and  security  policies 
that  can  be  modified  to  fit  specific  business  environ¬ 
ments.  However,  not  all  products  have  predefined  regu¬ 
lation  templates  for  Canadas  Personal  Information 
Protection  and  Electronic  Documents  Act  or  European 
regulations. 

Vendors  claim  bragging  rights  based  on  the  number 
of  document  types  supported,  but  this  can  be  mislead- 
ing.The  majority  of  our  respondents  give  between  250 
and  400  supported  file  types,  while  others  say  they  sup¬ 
port  as  few  as  73  file  types.The  higher  counts  may 
occur  because  vendors  count  Microsoft  Word  Versions 
98,2002  and  2003  as  three  individual  decoders  while 
others  consider  them  to  be  one. 

When  it  comes  to  discovering  and  protecting  sen¬ 
sitive  data  at  rest  —  such  as  data  sitting  on  laptops, 
desktops  and  in-file  servers  —  PortAuthority, 
Reconnex,Tablus,Vericept  and  Vontu  all  support 
this  feature. 

Real  world  deployments 

How  a  company  uses  data-leakage  prevention  prod¬ 
ucts  is  unique  to  the  internal  culture  of  the  organiza¬ 
tion,  the  industry  it  plays  in  and  what  it  ultimately 
hopes  to  gain  from  using  these  products. 

MedAvant,  the  nations  second-largest  provider- 
based  healthcare  technology  company,  uses 
PortAuthority  Technologies  to  ensure  that  data  for 
more  than  450,000  healthcare  providers,  30,000  phar¬ 
macies,  500  laboratories  and  100,000  payer  organiza¬ 
tions  is  secure  within  the  MedAvant  network. 
MedAvant’s  most  important  use  of  PortAuthority  is 
monitoring  and  enforcement  for  compliance,  and  it 
is  using  the  product  to  block  the  sending  of  sensitive 
information.  According  to  a  MedAvant  spokesperson, 
a  key  factoring  in  choosing  the  PortAuthority  product 
is  that  it  can  block  the  sending  of  sensitive  informa¬ 
tion  via  any  communication  channel  with  false  posi¬ 
tives  of  less  than  1%. 

Boston  College  went  with  Fidelis's  DataSafe  product. 
“It  gives  us  the  ability  to  implement  granular  policies  to 
protect  our  sensitive  information  without  compromis¬ 
ing  the  information  sharing  critical  to  an  educational 
institution,”  says  David  Escalante,  director  of  computer 
policy  and  security  at  Boston  College. 

Mark  Moroses, senior  director  of  technical  ser¬ 
vices  at  Maimonides  Medical  Center  in  Brooklyn, 

4. Y.,  says  that  its  built-in  features  to  help  the  hospi¬ 
tal  comply  with  H1PAA  regulations  and  its  ability  to 
do  pixel  analysis  for  identifying  pornographic  con¬ 


tent  were  deciding  factors  for  the  hospital's  choice 
of  the  Reconnex  suite  of  products  comprising 
iGuard,  iController  and  iManager.  Moroses  says  the 
choice  was  also  an  economical  one  as  Reconnex 
representatives  priced  the  product  within  the  hospi¬ 
tal’s  budget.  In  addition,  the  Reconnex  48-Hour 
e-Risk  Rapid  Assessment  network-monitoring  evalu¬ 
ation  provided  Moroses  with  an  assessment  of  the 
insider  risks  and  exposures  that  might  require  addi¬ 
tional  investigation. 

Sharon  Finney  information  security 
administrator  at  DeKalb  Medical  Center 
in  Atlanta, says  a  deciding  factor  for  her 
choice,  ProofFbint,  was  that  its  tool 
ships  preconfigured  with  a  specific  set 
of  current  procedural  terminology 
codes  for  the  healthcare  industry 

Audit  logs  and  the  courts 

Extrusion-prevention  technology 
should  be  one  component  of  an  over¬ 
all  internal  and  external  auditing  pro¬ 
cesses  it  keeps  an  eye  toward  improv¬ 
ing  operational  efficiencies  by  identifying  internal 
policy  violations;  providing  more  accurate  financial 
reporting;  limiting  exposure  to  class-action  lawsuits; 
and  complying  with  applicable  industry,  local  and 
federal  regulations. 

But  can  the  audit  logs  generated  by  these  products 
help  in  legal  situations  involving  employees  who  crimi¬ 
nally  violate  company  policy? 

While  noting  that  the  privacy  laws  have  not  really 
been  tested  in  the  courts  yet,  Gartner’s  Proctor  says  the 
logs  and  reports  generated  from  these  data-leakage 
products  indicate  that  a  corporation  is  taking  effective, 
efficient  actions  to  maintain  privacy  practices  required 
to  avoid  the  courtroom. 

Kit  Robinson, Vontu ’s  director  of  corporate  commu¬ 
nications,  notes  that  while  Vontu  s  product  logs  may 
trigger  an  investigation  into  suspicious  activity,  its  real 
purpose  is  to  prevent  data  from  being  leaked.  For 
real  forensic  analysis  on  the  data  collected  by  Vontu’s 
product,  Robinson  points  to  his  company’s  relation¬ 
ship  with  Guidance  Software,  a  leading  forensics 
tools  vendor. 

To  illustrate  her  belief  that  these  products  help  with 
the  audit  process, Vericept  spokeswoman  Nina  Picci- 
nini  points  to  one  Vericept  customer  that  faced  a  sex¬ 
ual-harassment  case  brought  by  one  of  its  employ- 
ees.The  employee  claimed  her  boss  was  leaving 
pornographic  material  on  her  desk  and  sending  her 
sexually  explicit  e-mail.  By  using  Vericept’s  360°  Risk 
Management  Platform,  this  customer  was  able  to 
determine  the  employee  doctored  the  evidence  her¬ 
self.  When  the  captured  information  was  reviewed 
with  the  employee,  she  dropped  the  suit  and  left  the 
company,  says  Piccinini. 
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In  the  market  for  an  outbound 
content-monitoring  product? 

Check  out  our  online, searchable  Buyer’s  Guide 
database  at  DocFinder  4037. 


Paying  the  price 

In  general,  these  products  are  costly  Pricing  varies 
greatly,  but  most  vendors  will  charge  per  user/worksta¬ 
tion,  per  appliance  or  per  the  exit  points  at  which  infor¬ 
mation  can  leave  the  corporate  network,  such  as 
through  e-mail  attachments,  IM  and  data  uploading  to 
an  FTP  server. 

Organizations  in  highly  regulated  industries  can 
more  easily  justify  the  investment  in  products  that 
monitor  outbound  content.  But  tak¬ 
ing  into  account  the  financial  dam¬ 
age  associated  with  the  loss  of 
intellectual  property  and  govern¬ 
mental  fines,  the  vendors  report 
that  even  small  and  midsize  busi¬ 
nesses  (SMB)  are  showing  interest 
in  these  products.  An  SMB  may  be 
able  to  keep  the  price  tag  at  less 
than  $100,000,  but  an  enterprise- 
level  system  supporting  thousands 
of  users  will  easily  run  between 
$200,000  and  $500,000. 

While  the  vendors  we  surveyed 
offer  professional  services  to  assist  with  project 
implementations,  we  believe  most  organizations 
should  be  able  to  install  them  with  minimal  assis¬ 
tance  from  the  vendor.  However,  you’ll  likely  have 
to  pay  service  and  support  dollars  when  it  comes 
to  policy  creation,  troubleshooting  network 
performance  and  integrating  the  data-leakage  mon¬ 
itoring  into  custom  applications. 

To  avoid  spending  extreme  amounts  of  time  and 
money  with  professional  services,  buyers  must 
research  the  built-in  features  each  product  has  to 
offer  before  implementing  them. You’ll  also  need  to 
identify  internal  management  tools  that  will  require 
integration  with  the  data-leakage  products.  In  addi¬ 
tion,  if  the  product  has  built-in  templates  for  outgo¬ 
ing  messages  that  comply  with  governmental  regu¬ 
lations,  be  sure  to  investigate  whether  those  tem¬ 
plates  are  easy  check-off  lists  or  require  an  admin¬ 
istrator  to  use  a  built-in  template  as  a  base  for  cre¬ 
ating  more-granular  custom  categories. 

The  ROI  regarding  data-leakage  products  is  closely 
aligned  with  business  risk  and  therefore  they  are 
often  purchased  under  the  umbrella  of  compliance 
or  risk  management. 

Vericept’s  Piccinini  says  these  products  help  with 
hard  and  soft  return  on  investments:  The  hard  ROI 
is  that  organizations  gain  insight  about  when  to  re¬ 
place  network  gear,  and  the  soft  ROI  is  realized 
through  money  saved  by  staying  in  compliance 
and  avoiding  the  cost  associated  with  damage  to 
brand  reputation. 

These  products  won’t  solve  all  your  information 
security  issues  and  are  not  meant  to  replace  —  but 
rather  work  in  conjunction  with  —  regularly  sched¬ 
uled  vulnerability  assessments,  physical  security,  data 
encryption,  user  identity  and  access  control,  incident 
response  and  reporting  or  employee  screening.  While 
the  regulatory  climate  is  ripe  for  these  types  of  prod¬ 
ucts,  the  steep  price  tag,  stiff  competition  from  digital 
rights  management  vendors  and  a  market  filled  by 
smaller  vendors  could  make  these  products  appear 
as  luxury  information  security  tools. That  said,  if  you 
stand  to  lose  a  lot  if  you  lose  even  a  little  bit  of  data, 
they  are  worth  a  look. 

VanAuken  is  a  freelance  writer  and  product  tester  in 
Syracuse ,  N.  Y. 
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Security  consultant  Rodney  Thayer  poses 
seven  questions  you  should  ask  any  ven¬ 
dor  before  buying  one  of  these  products. 
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If  you  don't  take  control  of  your  data, 

someone  else  will. 
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INTRODUCING  THE  SHARP  MX-SERIES.  These  color  MFPs  help  prevent 
sensitive  information  from  falling  into  the  wrong  hands  by  providing  two  layers  of  advanced 
security.  First  they  encrypt  digital  information,  then  they  overwrite  the  disk.  It's  no  wonder 
Sharp  won  BERTL's  Best  Security  Solutions  Suite  for  2005,  the  BERTL  5-Star  Exceptional 
rating  for  product  usability  and  the  BLI  award  for  "IT  Friendliness."  Be  secure.  Be  Sharp. 
Visit  sharpusa.com/security 
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As  an  ENERGY  STAR* 
Partner,  Sharp  has 
determined  that  this 
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lor  energy  efficiency. 
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Longitude  offers  lots 
of  agent-less  latitude 


NETWORK  MONITORING 

LONGITUDE  3.0 

Heroix  wWw.huroix.com 


$299  per  monitored  system. 

Pros:  Excellent  use  of  remote  instrumentation 
techniques  to  acquire  useful  metrics. 

Cons:  Doesn't  support  DB2,  Lotus  Notes  or 
Lightweight  Directory  Access  Protocol 
servers. 


BY  BARRY  NANCE,  NETWORK  WORLD  LAB  ALLIANCE 

Monitoring  tools  that  use  agents  offer  excellent,  detailed  visibility  into  serv¬ 
er  and  application  behavior.  But  agents  can  be  difficult  to  distribute,  often 
consume  server  CPU  and  memory  resources,  and  can  be  another  point  of 
failure  within  a  server. 


While  an  agent-less  monitoring  tool  cannot  supply  the 
wealth  of  detail  of  an  agent-based  product,  its  simpler 
environment,  reduced  risk  of  crashing  a  server  and  easier 
deployment  make  it  a  compelling  and  tempting  choice. 

Heroix  says  its  new  Longitude  3.0  agent-less  system  can 
monitor  a  network  well  enough  to  give  servers  and  appli¬ 
cations  the  same  uptime  and  availability  as  agent-based 
tools.  We  recently  tested  Heroix  and  found  that  it  serves 
up  a  plethora  of  useful  and  timely  data  on  server  and 
application  behaviors.  It  kept  tabs  on  several  specific  serv¬ 
er  platforms  and  applications,  was  easy  to  deploy  and  use, 
produced  helpful  reports,  and  didn’t  cost  an  arm  and  a 
leg  in  license  fees. 

Remote  monitoring 

Longitude  can  monitor  seven  platforms  (Windows 


Our  test  environment  consisted  of  six  routed 
Fast  Ethernet  subnet  domains  and  a  T-l 
Internet  connection.  Each  subnet’s  25  client 
computers  was  a  mix  of  Windows  2000  Pro¬ 
fessional,  NT  Workstation  4.0,  Windows  98,  Windows 
ME, Windows  XPRed  Hat  Linux,  A1X  and  Macintosh 
platforms.  The  relational  databases  on  the  network 
were  Oracle  8i,  Sybase  Adaptive  Server  11.5  and 
Microsoft  SQL  Server  2000.  Windows  2000  and 
NetWare  5.1  shared  files,  while  Internet  Information 
Server,  Netscape  and  Apache  software  served  up 
Web  pages.  An  Agilent  Advisor  protocol  analyzer 
decoded  and  displayed  network  traffic. 

We  ran  Longitude  on  a  four-way  Compaq 
ProLiant  ML570  900  MHz  computer  with  Pentium 
lil  CPUs,  2GB  of  RAM  and  six  18GB  SCSI  RAID  dri¬ 
ves.  The  operating  system  was  Windows  2003 
Advanced  Server. 

We  tested  the  products  ability  to  monitor  for  ser¬ 
vice-level  agreement  compliance,  outages  and 
slowdowns,  send  e-mail  alerts  or  page  us  when 
problems  occurred,  and  give  us  reports  we  could 
use  to  track  problems  and  spot  trends. 


Server  2000/2003, Windows  XRRed  Hat  Linux,  SuSE  Linux, 
Sun  Solaris,  HP’s  HP-UX  and  IBM’s  AIX),  two  Web  servers 
(Microsoft  Internet  Information  Server  and  Apache),  three 
relational  databases  (SQL  Server,  Oracle  and  MySQL), 
three  Java  2  Platform  Enterprise  Edition  application 
servers  (WebSphere, WebLogic  and  JBoss)  and  one  e-mail 
server  (Exchange  2000/2003).  In  addition  to  monitoring 
infrastructure  elements  such  as  Active  Directory,  DHCP 
Cisco  devices,  Dell  OpenManage  and  HP  Insight  Manager, 
Longitude  can  issue  synthetic  transactions  to  check  on 
the  health  of  services  that  include  DNS.FTBHTTPNetwork 
News  Transfer  Protocol,  SMTP  Secure  Shell  (SSH)  and 
Telnet.  It  also  can  determine  whether  devices  are 
responding, ports  are  connected, or  a  background  service 
or  a  particular  computer  program  is  running. 

In  our  tests,  Longitude  excelled  at  monitoring  these  plat¬ 
forms,  programs  and  infrastructure  elements.  If  your  com¬ 
puting  environment  matches  what  Longitude  supports, 
you’ll  likely  find  its  agent-less  architecture  and  superior 
monitoring  capability  an  effective  tool  to  maintain  high 
availability  and  uptime.  On  the  other  hand,  Longitude 
does  not  offer  specific  support  for  some  other  products, 
including  Netscape  Web  server  software,  IBM  DB2,  Sybase 
Adaptive  Server,  Lotus  Notes,  mainframe  operating  sys¬ 
tems  and  Lightweight  Directory  Access  Protocol  servers. 

Longitude’s  agent-less  architecture  is  closely  tied  to  the 
level  of  remote  instrumentation  available  in  the  supported 
platforms, programs  and  infrastructure  elements.  Longitude 
can  smartly  glean  its  useful  metrics,  because  it  knows  how 
to  query  Oracle  to  discover  a  red  flag  item, such  as  the  num¬ 
ber  of  transactions  waiting  for  a  redo  log  buffer. 

DB2  offers  something  similar  (the  Get  Tablespace 
Statistics  function),  but  DB2  requires  the  user  making  a 
query  to  first  log  on  to  DB2  as  an  administrator.  Moreover, 
because  more  companies  rely  on  Oracle  or  SQL  Server 
than  DB2  or  Adaptive  Server,  Heroix  opted  to  support 
more  commonly  used  databases.  Longitude  uses 
Windows  Management  Instrument  (WMI)  to  acquire 
Windows  operating  system  statistics.  It  uses  SSH,  Telnet 
and  rexec  to  obtain  Unix  and  Linux  performance  data.To 
get  activity  data  on  the  three  supported  databases,  it  uses 
WMI,  SSH  and  Java  Database  Connectivity  To  monitor 
Exchange,  Longitude  usesWMI.lt  uses  WMI,  SSH  and  JMX 
to  get  metrics  from  J2EE  application  servers, and  employs 
WMI,  SSH  and  HTTP  to  monitor  Web  servers. 


The  Breakdown 


Monitoring  30% 

5 

Notification  and  reports  20% 

4 

Ease  of  use  20% 

4 

Platform  support  and  scalability  20% 

3 

Documentation/installation  10% 

4 

Total  score 

4.1 

Scoring  Key: 

5:  Exceptional. 

4:  Very  good. 

3:  Average. 

2:  Below  average. 
1:  Subpar  or  not 
available. 


When  Longitude  detects  a  threshold  violation,  it  can  e- 
mail  one  or  more  people  and  can  page  a  network  admin¬ 
istrator  via  an  e-mail  gateway  Longitude  optionally  sends 
SNMP  alerts  (traps)  to,  for  example,  HP  OpenView,  and 
Longitude  can  execute  an  operating  system  command  or 
external  computer  program  when  a  problem  occurs. 

Ease  of  use 

Longitude’s  user  interface  is  entirely  browser-based. 
Intuitive  and  easy  to  navigate,  the  interface  uses  Secure- 
HTTP  for  security.  It  works  with  Internet  Explorer  6.0  or 
higher,  Netscape  7.2  or  higher  and  Firefox  1.0.1  or  higher. 
Longitude’s  highly  customizable  views  of  monitored  sys¬ 
tems  can  show  all  the  systems  or,  based  on  criteria  you  set 
up, specific  groups  of  servers  and  devices  by  department, 
region  or  other  filter. 

Longitude’s  service-level  agreement  (SLA)  dashboard 
display  shows  at  a  glance  whetheryou’re  meeting  the  SLA 
objectives  that  you  set  up,  and  the  historical  SLA  reports 
reveal  SLA  compliance  for  specified  time  periods. 
Longitude’s  reports  were  particularly  helpful  for  spotting 
trends,  planning  for  network  additions,  and  analyzing  gen¬ 
eral  network  and  application  activity. 

We  especially  liked  Longitude’s  self-maintenance  fea¬ 
tures.  It  handled  its  database  administration  and  other  inter¬ 
nal  chores  with  aplomb, and  didn’t  require  us  to  spend  any 
time  attending  to  Longitude’s  own  environment. 

Installing  Longitude  took  only  15  minutes.  It  runs  on  a 
subset  of  the  platforms  it  can  monitor  —  Windows  2003, 
Red  Hat  Linux  (V9  or  ES  3.0)  and  SuSE  Linux  9.The  print¬ 
ed  documentation  was  clear  and  comprehensive  but 
lacked  an  index. 

Because  it  does  an  excellent  job  of  monitoring  key  met¬ 
rics  without  requiring  an  agent  on  each  server,  we  recom¬ 
mend  you  take  a  close  look  at  Longitude.  If  Longitude  sup¬ 
ports  your  computing  environment,  its  useful  reports, 
timely  alerts  and  simple  maintenance  may  well  save  your 
company  money  while  it  helps  ensure  high  server  avail¬ 
ability  and  uptime. 

Nance  nins  Network  Testing  Labs  and  is  the  author  of 
Introduction  to  Networking,  4th  edition,  and  Client/Server 
LAN  Programming.  He  can  be  reached  at  barryn_@erols.com. 


With  shrinking  backup,  recovery  and  archive  windows,  most  IT  Professionals  protect  their  data  after  normal 
business  hours  and  on  weekends  -  the  times  when  you  would  rather  not  sit  around  watching  a  tape  library. 
Our  PX500  Series  redefines  value  in  rackmount  tape  automation  with  enterprise-class  features,  high  density 
and  market-leading  investment  protection.  And  our  superior  performance,  reliability  and  support  allow  you 
to  have  a  normal  life  -  with  vacations.  To  find  out  how  Quantum's  got  you  covered  with  our  new  PX500  Series, 
call  866-827-1500  or  visit  us  at  www.quantum.com.  22S2SMS5  rBiT 


QUANTUM.  WE’VE  GOT  YOU  COVERI 


Quantum 


Quantum 


BACKUP  RECOVERY.  ARCHIVE.  IT’S  WHAT  WE  DO 


©2005  Quantum  is  a  trademark  of  Quantum  Corporation  in  the  United  States  and  other  countries.  All  other  trademarks  are  the  property  of  their  respective  companies: 
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Enterprise  security  is  in  the  midst  of  a  significant  shift.  With  the  ad¬ 
vent  and  increasing  popularity  of  remote  access  solutions,  analysts 
are  seeing  the  growth  in  organizations  that  might  be  described  as 
“enterprises  without  walls.”  Employees  can  work  from  remote  loca¬ 
tions  or  home  offices  and  securely  access  files  and  applications. 
Business  partners  can  earn  privileged  access  to  a  range  of  key  net¬ 
work  resources  to  improve  the  working  relationship  between 
organizations. 


The  concepts  of  identity  management  and  access  control  have  been 
commonplace  in  our  industry  for  many  years.  But  companies  are  now 
looking  at  new  ways  to  define  Identity  and  Access  Management,  and 
new  ways  to  build  a  more  reliable  security  infrastructure  that  properly 
identifies  each  user  before  providing  the  key  to  the  trusted  network. 


What  is  the  ultimate  goal  of  an  1AM  solution?  In  a  perfect  world,  we 
want  to  provide  unfettered,  24  x  7  access  to  every  application  and 
data  resource  in  our  network.  We  want  to  support  an  increasingly 
mobile  workforce  and  rapidly  disappearing  perimeter. 


And  for  the  CEO,  the  CFO,  and  the  COO,  there  are  regulatory  obliga¬ 
tions  to  consider.  Whether  it’s  a  federal  mandate  to  provide  protec¬ 
tions  to  end-user  data,  or  a  board  of  directors-driven  edict  to  better 
track  and  audit  access  to  sensitive  information,  executives  are  keenly 
aware  of  the  consequences  of  inadequate  data  security  policies. 


There  are  several  components  that  make  up  the  wish  list  of  advanced 
1AM  systems. 


A  good  starting  point  is  the  “how  to  provide  anytime,  anywhere  ac¬ 
cess”  to  every  application  and  data  resource  that  resides  in  the  net¬ 
work.  Web-based,  zero-footprint  access  can  be  attained  with  SSL 
VPN  capabilities,  which  enable  the  user  to  open  a  secure  gateway 
into  the  network.  But  access  must  also  be  controlled  for  internal  us¬ 
ers  as  well,  and  the  rapid  growth  of  Network  Access  Control  (NAC) 
solutions  reflects  this  key  trend. 


This  access  must  furthermore  enable  the  wireless  LAN  network. 
Wireless  connections  are  one  of  the  hottest  segments  of  the  market. 
Employees  on  the  shop  floor,  executives  in  the  boardroom,  or  a  busi¬ 
ness  partner  in  a  meeting  room  must  be  able  to  quickly  gain  wireless 
access,  completely  monitored,  authorized,  and  auditable,  but  also 
easily  changed  as  these  access  rights  expire. 


www.securecomputmg.com 


Ultimately,  it  is  in  the  organization’s  best  inter¬ 
est  to  funnel  all  access  activity  -  remote, 
internal,  and  wireless  -  through  the 
same  administrative  point.  A  key 
benefit  of  a  single  1AM  solution  is 
the  ability  to  enforce  access  pol¬ 
icy  from  a  single  node,  and  the 
ability  to  report  from  a  single 
point  as  well.  Typically,  policy 
updates  must  be  applied  to 
every  server  that  hosts  a  dif¬ 
ferent  access  method.  Web 
servers,  IPSEC  VPNs,  SSL 


Please  join  us  for  an  important  Webcast  event  on  June  26 
featuring  Nemertes  analyst  Andreas  Antonopoulos  entitled 
“Identity  Meets  Access:  Achieving  Compliance  for  Online 
Business  Banking”  www.networkworld.com/Secure 
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Authenticate  and  manage  identities 


Web  mail 


Citrix 

Web 
applications 


PROTECT 

Monitor  and  secure  each  user  request 


Database 


SSL -VPN 
Wireless  LAN 


VPNs,  Wireless  LAN  boxes  -  policy  can  be  cumbersome  when  there 
are  multiple  devices  involved. 

The  network  is  only  as  secure  as  its  weakest  link.  With  embedded 
end-point  security  capabilities,  Identity  and  Access  Management  sys¬ 
tems  can  now  also  provide  a  reliable  mechanism  to  enable  configura¬ 
tion  compliance;  enforcing  every  end-point  device  to  adhere  to  cor¬ 
porate  IT  policy,  including  work  PCs,  laptops,  home  PCs,  servers  and 
workstations. 

An  additional  consideration  is  that  of  deployment  and  integration. 
Most  companies  already  have  systems  in  place,  such  as  Microsoft’s 
Active  Directory,  to  manage  their  extensive  user  base.  The  ideal  so¬ 
lution  should  plug  seamlessly  into  an  existing  Active  Directory  infra¬ 
structure,  leverage  the  user  data  that  already  exists,  and  allow  the 
organization  to  rapidly  deploy  and  administer  identity  and  access 
management  policies. 

Finally,  the  kicker:  Access  management  must  be  tightly  coupled  with 
identity  management  and  authentication.  Every  user  must  have  his 
or  her  identity  properly  authenticated  before  being  allowed  into  the 
network.  Strong  authentication  is  a  key  component  that  secures  the 
identity  piece  of  the  equation.  With  a  complete  solution  in  place,  com¬ 
panies  can  finally  gain  confidence  in  the  way  they  provide  remote  and 
internal  access  to  the  growing  range  of  constituents  in  their  evolving 
organizations. 
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Centrally  manage  access  policy 
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SECTOBSPflTUfiHT  ONLINEBANKIN^ 

■  How  emerging  technologies  are  transforming  key  vertical  industries. 

Online  banks  strengthen  security 

Financial  firms  tap  multifactor  authentication  to  give  customers  an  added  level  of  protection. 


AT  A  GLANCE:  OKLIHE  BANKING 

•  A  full  70%  of  the  top  23  credit  card  issuers  in 
the  United  States  and  14%  of  the  top  28  use 
multifactor  authentication. 


BY  DEB  RADCLIFF 

About  five  times  a  month,  customers  try  to  renege  on  purchases  and  transfers 
they’ve  made  through  their  SolidPay  e-wallet  accounts  by  claiming  they’re  victims 
of  fraud.  Each  time  the  data  gathered  through  SolidPay’s  authentication  system 
proves  they’re  lying,  saving  the  company  what  could  be  tens  of  thousands  of  dollars  per 
month  in  charge-backs  to  its  customers’  accounts. 


One  case  alone  in  October  would  have  left  SolidPay  hold¬ 
ing  the  bag  for  $15,000.  SolidPay  requisitioned  records  from 
its  authentication  vendor,  StrikeForce,  which  proved  the  dis¬ 
puting  customer  typed  a  personal  identification  number 
into  his  cell  phone  to  authorize  each  transaction.  It’d  be 
hard  to  hijack  both  PIN  and  cell  phone.  But  to  be  safe,  the 
Montreal  company  also  requisitioned  the  customers  phone 
records, proving  that  he  was  in  possession  of  the  phone  dur¬ 
ing  the  time  of  the  transactions. 

And  by  adding  another  layer  of  security,  SolidPay  is  sav¬ 
ing  even  more  significantly  by  eliminating  new-account 
fraud.  When  customers  try  to  open  new  accounts,  Strike- 
Force  ValidatelD  challenges  them  with  five  questions 
about  their  credit  histories  that  only  they  can  know. Then 
it  checks  the  answers  against  their  credit  reports. 

“Right  off  the  top,  we’re  able  to  weed  out  people  who 
don’t  exist,  which  amounts  to  about  30%  of  new  applicants 
who  are  only  there  to  commit  fraud,”  says  SolidPay  Pres¬ 
ident  Rob  Siegel.  “And,  with  the  telephone  call-back 
authentication  asking  our  consumers  to  type  in  a  PIN  to 
authorize  each  transaction,  we’re  able  to  prove  that  each 
transaction  was  authorized.” 

Just  as  important,  the  system  protects  customers  from  on¬ 
line  fraud  against  their  accounts,  which  is  the  main  driver 
behind  any  multifactor  authentication  project  in  the  finan¬ 
cial  sector.  Multifactor  authentication  combines  different 
types  of  authentication,  such  as  smart  cards,  biometrics  or 
cognitive  passwords.The  other  driver  is  the  year-end  dead¬ 
line  for  stronger  authentication  by  the  Federal  Financial 
Institution  Examination  Council  (FFIEC). 

Like  SolidPay,  early  adopters  are  using  a  variety  of  au¬ 
thentication  methods  in  multiple  layers  along  the  trans¬ 
action  trail  and  tying  authentication  into  their  fraud- 
detection  systems,  according  to  a  Gartner  report  on  con¬ 
sumer  multifactor  authentication.  So,  say,  an  unusually 
large  wire  transfer  sets  off  a  fraud-detection  alarm  and  a 
third  form  of  authentication  is  requested. 

A  good  example  is  e*Trade,  which  last  year  began  offer¬ 
ing  free  RSA  SecurelD  tokens  to  its  active  customers  and 
built  an  expandable  framework  to  accommodate  other 
forms  of  authentication  down  the  road.  In  the  near  future, 
e*Trade  will  add  another  layer  to  service  its  authentica¬ 
tion  and  fraud-detection  systems  using  RSA  Cyota  trans¬ 
actional  analysis  software  to  fingerprint  the  computers 


trying  to  authenticate. 

“There  are  a  lot  of  attributes  associated  with  an  authenti¬ 
cation  —  IP  address,  machine  type,  operating  system  ver¬ 
sion  and  so  on  —  that  can  be  passively  fingerprinted  with¬ 
out  the  customer  ever  knowing,”  says  e*Trade  CIO  Greg 
Framke.“lf  an  authentication  profile  is  not  normal  —  say  it 
logs  in  from  a  blacklisted  IP  address  or  an  IP  that  doesn’t 
resolve  right  —  then  that  person  might  get  a  note  saying 
please  call  customer  service.” 

Framke  won’t  reveal  how  much  e*Trade  spent  to  build  and 
integrate  the  system  and  roll  out  the  tokens  but  says  the  costs 
were  insignificant.  He  also  says  maintenance  and  help  desk 
support  costs  are  small,  because  e*Trade  customers  resolve 
most  of  their  token  problems  through  an  online  interface. 

“For  us,  we  weren’t  thinking  about  ROI.  We  saw  this  as 
another  innovative  product  to  make  our  customers  feel 
better  about  e*Trade,”  Framke  says  of  the  Merrifield,  Va., 
company.  “And  since  we  cater  to  a  self-help  online  com¬ 
munity,  we’ve  had  very  successful  adoption.” 

Most  users  and  organizations  aren’t  so  willing  to  em¬ 
brace  tokens,  because  of  convenience  issues, according  to 
Gartner,  which  predicts  wider  adoption  of  software-based 
tokens  than  hardware  over  the  next  few  years. 

This  is  the  case  at  Stoneridge  Bank,  an  online  lending 
and  banking  institution  in  West  Chester,  Pa.,  with  $38  mil¬ 
lion  in  assets.  Stoneridge  went  live  last  summer  with 
SecurelD  tokens  and  shared  secret  authentication  where¬ 
in  customers  are  asked  preset  questions,  such  as, “What’s 
your  favorite  time  of  the  year?”The  vast  majority  adopted 
the  shared  secret,  but  only  a  handful  of  users  accepted 
the  tokens,  which  they  give  away  the  first  year  and  will 
charge  $25  for  thereafter,  according  to  George  Rapp,  vice 
president  and  IT  director. 

“Our  customers  say  they  don’t  want  the  cost.  Others  say 
they’re  afraid  they’ll  lose  their  tokens  and  then  lose  access 
to  their  accounts.  Surprisingly,  that  hasn’t  happened  with 
any  of  our  token  users  so  far,”  Rapp  says. 

Like  e*Trade,  Stoneridge  has  built  its  own  modular  au¬ 
thentication  system  to  eventually  accept  other  forms  of 
authentication  for  a  nominal  investment  of  what  Rapp 
says  was  “four  figures.” 

Unlike  individual  organizations  building  authentication 
frameworks  for  their  own  use,  Digital  Insight,  an  online 
banking  application  service  provider  with  1,750  financial 


•  A  March  survey  of  2,000  U.S.  adults  reported 
that  42%  of  U.S.  households  did  online  banking 
and  bill  paying. 

•  Only  9%  of  all  identity-theft  cases  occurred 
online.  Of  those,  5%  came  from  automated 
attacks  on  victim  computers  averaging  $5,858 
per  case  for  a  total  of  $2.6  billion,  and  3% 
stemmed  from  phishing,  amounting  to  $7,294 
per  case,  or  $1.9  billion.  The  majority  of  the 
losses  were  absorbed  by  the  financial  services 
providers. 

SOURCE:  JAVELIN  STRATEGY  AND  RESEARCH 


services  clients,  is  pouring  considerable  time  and  invest¬ 
ment  into  its  framework  to  support  dozens  of  authentica¬ 
tion  methods  for  its  clients. 

“We  have  a  diverse  client  base  that  demands  flexibility?’ 
says  Scott  Mackelprang,  vice  president  of  security  and 
compliance  at  Digital  Insight.  “Our  smaller  financial  cus¬ 
tomers  want  us  to  guide  them  through  the  FFIEC  recom¬ 
mendations  and  give  them  seamless  authentication  their 
users  never  see.  But  our  larger,  more  sophisticated  institu¬ 
tions  want  fingerprints  to  authorize  wire  transfers.The  only 
way  we  can  do  this  is  through  options  and  layerabilit/ 

The  company’s  framework  will  roll  out  in  three  phases  to 
ratchet  up  as  threats  increase.  Phase  1 ,  to  be  completed  in 
time  for  its  banks  to  meet  the  FFIEC’s  end  of  2006  dead¬ 
line,  uses  TriCipher’s  Armored  Credential  System  to  handle 
a  variety  of  secure  cookie-based  credentials  on  the  cus¬ 
tomers’  browsers. 

Phase  2  will  enable  financial  institutions  to  offer  their  cus¬ 
tomers  credentials  stored  encrypted  on  the  operating  sys¬ 
tem.  Phase  3  will  support  USB  tokens. 

There’s  no  such  thing  as  bulletproof  security:  But  if  done 
in  layers  and  tied  into  fraud  detection  systems,  multifactor 
authentication  might  make  online  banking  safer  than 
banking  offline,  experts  say. 

‘Added  security  should  be  talked  about  as  a  positive  for 
customers,” says  James  van  Dyke,  founder  and  principal 
analyst  of  Javelin  Strategy  and  Research. “Use  it  to  show 
that  they’re  safer  banking  online.  In  the  mail,  you  can  t 
encrypt  the  data.  And  online’s  the  only  place  you  can 
catch  fraud  in  real  time.” 

Radcliff  is  a  freelance  writer  specializing  in  online  safety  and 
network  security.  She  can  be  reached  at  www.debraddih  .  am. 
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Need  to  research  advanced 
technologies?  Visit  the  New  Data 
Center  Research  Center  for 
product  info  and  case  studies  at 

www.nwdocfinder.com/SSS5 
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BY  JULIE  BORT 


mart  use  of  contract  help 
is  central  to  the  New  Data 
Center  plan.  Call  it  out¬ 
sourcing.  Call  it  managed  services. 
Call  it  out-tasking.  But  network  executives  will  call  on  it 
in  some  form  to  help  them  manage  the  complexities 
of  their  advanced  New  Data  Center  infrastructures. 


Some  early  adopters  of  todays  crop  of  advanced 
network  management  services  can  even  envision  a 
day  when  their  entire  New  Data  Center  infrastructure 
comes  to  them  in  on-demand  form  with  the  hardware 
owned  by  the  outsourcer,  stored  off-site  and  deliv¬ 
ered  as  a  pay-per-use  monthly  service.  So  it  is  with 
Bill  Kirkland,  president  of  Logistics  Computer  Ser¬ 
vices  (LCS),  the  IT  arm  of  Performance  Logistics 


Group,  a  $300  million  auto  16 
company  headquartered  in  Wa 
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“We  still  have  all  the  hardware  here,  but  we  are  reaching 
a  point  where  I’m  thinking, ‘Why  do  we  need  the  hard¬ 
ware  here?’"  he  says,  noting  that  today’s  utility  computing 
options  are  not  affordable  for  LCS  now.  “In  our  environ¬ 
ment,  with  terabytes  of  storage  and  data,  this  isn’t  going  to 
fit  for  us  until  it  is  economical,  and  right  now  I  don’t  think 
it  is.  But  it  would  be  in  the  future.  I  don’t  see  any  reason 
why  my  programmers  couldn’t  be  at  home  and  basically 
have  virtual  offices.” 

Even  so,  service  providers  have  much  work  to  do  before 
the  New  Data  Center  can  truly  be  delivered  as  a  series  of 
low-cost  utilities.  As  such,  they’re  busily  refining  their  ad¬ 
vanced  managed-services  portfolios,  which  include  utility 
services,  outsourced  virtualization,  grid  computing, storage 
services,  preventive/performance  maintenance  and  busi¬ 
ness  process  management.You’ll  need  diligence  to  find  the 
provider  that  will  fit  the  particular  advanced  technology 
you  want  managed  or  that  offers  the  cutting-edge  network 
management  functions  you  need. 

All  things  server 

Managed  services  for  the  server  infrastructure  are  per¬ 
haps  the  most  abundant  among  NDC  options.  They  in¬ 
clude  utility  services,  outsourced  server  virtualization  and 
grid  computing.  While  the  utility  buzzword  connotes  an 
entire,  flexible  infrastructure  available  for  a  monthly 
charge,  services  today  more  or  less  involve  servers  resid¬ 
ing  at  the  outsourcer’s  site  with  customers  paying  for  CPU 
cycles  used. The  per-CPU  fee  necessarily  covers  all  under¬ 
lying  infrastructure  components,  including  storage,  net¬ 
work  connections  and  hosting  space.  Such  stalwarts  as 
AT&T,  HP1BM  and  Sun  offer  various  flavors  of  utility  com¬ 
puting.  More  are  on  their  way.  For  instance,  Capgemini, 
based  in  Paris,  is  experimenting  with  utility  computing  for 
its  European  customers  and  has  unofficial  plans  to  enter 
the  U.S.  market,  officials  say 

As  one  example,  AT&T  offers  its  Managed  Utility 
Computing  and  Utility  Hosting  services  through  its  hosting 
data  centers.  With  Managed  Utility  Computing,  a  customer 
gets  dedicated  Sun  servers,  complete  with  whatever  stor¬ 
age  and  network  support  is  required,  but  pays  only  for  the 
CPU  cycles  it  needs,  says  Chris  Costello,  AT&T  director  of 
managed  hosting.The  Utility  Hosting  service  is  similar,  but 
customers  share  servers  and  get  even  more  flexibility. 
“Customers  can  add  or  remove  computing  resources  on  a 
real-time  basis,  and  they  pay  for  current  usage  vs.  their 
expected  peak  usage,”  Costello  says. 

Like  other  outsourcers  playing  with  advanced  services, 
AT&T  provides  a  management  portal  that  lets  users  make 
near-real-time  configuration  changes  to  their  firewalls,  load 
balancing  rules  and  so  on.  AT&T  also  has  recently  rolled 
out  a  Server  Virtualization  service  in  which  it  hosts 
Windows  servers  running  VMWare  software. 

Interestingly,  some  users  say  that  even  if  they  have  an 
established  vendor  such  as  AT&T  doing  classic  monitoring 
or  break/fix  management,  they  aren’t  necessarily  interested 
in  a  “one  outsourcer  fits  all” approach  for  their  next-genera¬ 
tion  NDC  technologies. 

‘With  network  and  infrastructure,  we’ve  got  AT&T  —  it’s 
got  its  arms  around  the  whole  thing.  It  understands  tech¬ 
nology  and  has  the  infrastructure  in  place,  but  we  are  still 
segmenting  it  from  our  day-to-day  operations.  1  like  to  con- 
col  some  of  my  own  destiny  says  Jim  Elsesser,  IS  manager 


www.networkworld.com/supp/20QG/ndc/ 


of  Aurora  Pharmacy  in  Milwaukee. 

Aurora  Pharmacya  unit  of  Aurora  Healthcare,  outsourced 
the  building  and  management  of  its  MPLS  wide-area  net¬ 
work  to  AT&T  (formerly  SBC)  but  Aurora  Healthcare  runs 
VMware  server  virtualization  in-house,  Elsesser  says. 
Meanwhile,  the  pharmacy  looks  to  Communications 
Cabling  and  Networking  for  help  desk,  monitoring  and  ad¬ 
vanced  network-performance  tuning  for  the  gear  on  the 
inside  of  the  smart  jack,  he  says. 

If  your  goal  is  a  contract  for  utility-style  automatic  server 
provisioning,  beware. “We  have  customers  asking, ‘Can  you 
dynamically  move  27  Web  servers  from  A  to  B  if  I  need  to 
move  the  load?”’ says  Marc  Duvoisin,  practice  head  for 
Dimension  Data’s  managed  services.  “If  you  stay  with  a 
homogeneous  environment,  we  can  dynamically  reprovi¬ 


be  more  appropriate  than  an  existing  managed  service. 
Community  Health  Network  (CHN),  an  Indianapolis 
healthcare  system  that  wanted  to  outsource  management 
of  its  optical  storage  network,  made  that  choice, says  Chris 
Stewart,  technical  services  manager.  In  October  2005,  CHN 
hired  CentrePath  (better  known  for  its  root-cause  analysis 
software,  Magellan  DataPath  Manager)  to  build  and  man¬ 
age  a  50TB  Fibre  Channel  optical  SAN.  CentrePath  had 
been  managing  the  healthcare  system’s  private  dense 
wavelength  division  multiplexing  ring  since  it  helped  build 
the  optical  WAN  in  2003. 

“It  manages  the  Fibre  Channel  switches  —  all  of  our 
switch  ports  on  each  side,”Stewart  says. In  addition  to  keep¬ 
ing  the  ports  running,  CentrePath  monitors  for  perform¬ 
ance  improvement,  but,  as  a  control  measure,  the  service 


Advanced  managed  services: 

A  menu  of  options 

From  point  solutions  to  the  whole  shebang,  advanced  network  management  services 
are  being  offered  by  vendors  from  diverse  backgrounds. 


Provider 

Background 

Select  NDC  service  offerings 

AT&T 

Voice/data  network 
services 

Optical  network  management,  utility  computing, 
server  virtualization 

Capgemini 

Systems  integrator 

Business  process  outsourcing,  limited  utility 
computing 

CentrePath 

Network  monitoring 

Optical  network  and  storage  monitoring 

Dimension  Data 

Systems  integrator 

E-mail  archiving,  virtual  tape  backup  and  restore 

HP 

Systems  vendor 

Utility  computing,  storage  management,  automated 
server  provisioning,  grid  computing 

IBM 

Systems  vendor 

Utility  computing,  grid  computing,  software-as- 
a-service,  managed  storage  services 

Sun 

Systems  vendor 

Utility  computing,  grid  computing,  storage 
management,  predictive  tuning,  automated 
performance  management 

sion  servers  to  another  purpose,”  he  says.  But,  he  adds,  this 
can’t  be  done  today  for  multivendor  server  infrastructures. 

Network  managers  who  want  even  more  dynamic  provi¬ 
sioning,  for  applications  that  need  a  lot  of  computational 
power,  can  think  grid.  Outsourced  grid  services  include 
HP’s  Flexible  Computing  Solutions,  IBM’s  Grid  Deep  Com¬ 
puting  Capacity  on  Demand  and  Sun’s  Sun  Grid  Compute 
Utility  AT&T,  too,  plans  to  offer  a  grid  service,  Costello  says. 
It  has  not  announced  an  availability  date. 

Ending  storage  pain 

If  storage  is  your  pain  point,  many  a  vendor  claims  to  have 
a  service  to  help.  HP  offers  Multi-vendor  Storage  Manage¬ 
ment  Service,  a  per-gigabyte,  pay-as-you-go  option  that  in¬ 
cludes  monitoring,  provisioning,  capacity  management 
and  multivendor  storage-area  network  (SAN)  manage¬ 
ment,  HP  says.  Dimension  Data  sells  virtual  tape-like, disk-to- 
disk  backup  and  recovery  as  a  managed  service,  where  it 
pulls  the  data  over  the  network  and  eliminates  the  need  for 
tape  transportation, Duvoisin  says. EMC  and  Sun  StorageTek 
offer  pay-for-capacity  metered  storage  options. 

For  high-end  SAN  management,  a  custom  contract  might 


provider  doesn’t  execute  such  changes  automatically  “We 
work  really  closely  with  it  on  what  we  can  improve,  though 
guys  in  my  team  perform  the  work,”  he  says. 

Hiring  for  performance 

Perhaps  the  trickiest  of  all  NDC  technologies  to  contract 
out  is  advanced  network  management.  Sure,  you  can  hire 
countless  companies  to  watch  your  network,  tell  you  when 
something  breaks  and  help  you  fix  it.Yes,  nearly  every  mon¬ 
itoring  service  provider  today  is  smart  enough  to  ensure 
that  one  downed  component  won’t  crash  the  whole  net¬ 
work.  But  you’ll  find  it  hard  to  find  a  provider  to  move 
beyond  maintaining  the  status  quo. 

Sun  attempts  to  do  so  with  its  Preventative  Services  offer¬ 
ing.  Its  goal  is  to  do  ongoing  performance  tuning  long 
before  even  a  quiver  in  the  traffic  stream  will  register. This 
service  calculates  the  statistical  risk  of  a  failure  by  compar¬ 
ing  the  network’s  behavior  against  a  matrix  of  some  4,500 
known  risk  conditions  and  1.1  million  configurations,  says 
Mike  Harding,  vice  president  of  customer  network  services 
at  Sun.  For  instance,  the  matrix  shows  that  for  every  50 

See  Managed  service,  page  66 
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ormation  lives  at  Toyota  Motorsport.  With  the  help  of  EMC*  they  raced  into  Formula  1  contention.  A  combination  of  EMC  <•: 

S,,  and  systems  enabled  them  to  access  performance-critical  data  faster  and  easier.  So  now  the  team  can  reengine?’ 
i  races.  Manage  information  at  240-plus  miles  per  hour.  And  continuously  improve  their  car  and  their  results.  Loan  nuv 
iturnyourinformationintoacompetitiveadvantage.Visitwww.EMC.com/ilm. 
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continued  from  page  64 

megabytes  of  system  software 
change  in  a  Unix/Linux  environ¬ 
ment,  one  9  of  availability  is  lost. 
That  knowledge  can  help  you  pri¬ 
oritize  changes  against  the  proba¬ 
ble  associated  downtime,  Harding 


says.  “As  we  see  these  risk  condi¬ 
tions,  we  balance  them  against  the 
risks  of  change  —  whether 
change  needs  to  happen  now,  two 
weeks  from  now” —  or  the  system 
may  advise  to  simply  live  without 
the  change,  he  says.  Sun’s 
Electronic  Prognostics  service 


takes  this  further  by  automating 
the  fix  to  potential  failures. 

LCS  relies  on  Preventative  Ser¬ 
vices  as  part  of  its  larger  out¬ 
sourcing  contract,  Kirkland  says. 
“Sun  is  doing  a  lot  of  proactive 
management.  We  have  one  group 
of  database  administrators  re¬ 


sponsible  for  our  account.  We  get 
advanced  notification  of  potential 
problems.  We  get  an  advanced  set 
of  skills  at  our  disposal,  and  it  is 
more  economical  than  going 
out  and  spending  $100,000  on 
hiring  another  Oracle  program¬ 
mer  [when  we  need  those 


When  It  Comes  to  True  Innovation, 
There  U  Only  One  Fish  in  the  Pond 
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Introducing  the  Belden  IBDN™  System  10GX. 
Clearly  the  most  innovative  UTP  structured 
cabling  solution  in  the  marketplace. 

Sometimes  you  have  to  take  a  big  leap  in  your  thinking  to  get  to 
something  that’s  truly  new  —  and  truly  great.  That’s  what  we’ve 
done  with  our  10GX  Solution. 


•  SpiralFleX™  Cable  technology  that  increases  randomization  and 
greatly  improves  Alien  Crosstalk  performance 

•  Matrix  IDC™  Module  technology  which  eliminates  the  issue  of 
Alien  Crosstalk  between  modules,  offering  performance  30  times 
better  than  Cat  6 

•  FleXPoint  PCB  Module  technology  that  positions  the  compensation 
circuitry  directly  at  the  plug's  point  of  contact,  offering  unbeatable 
mated-connection  performance 

•  X-Bar™  Module  termination  technology  that  assures  accurate 
module/cable  termination  and  reduces  installation  differences 


Our  10GX  Solution  isn’t  an  improved  or  boosted  Category  6  system 
but  a  revolutionary  new  system  designed  around  a  series  of 
dynamic  enabling  technologies  that  deliver  on  the  two  most 
critical  factors  in  10  Gigabit  service:  reduction  of  Alien  Crosstalk 
and  controlled  performance  up  to  a  minimum  of  500  MHz. 


10GX  is  truly  the  most  advanced  10G  system  in  the  marketplace 
in  fact,  every  other  system  is  just  treading  water. 


For  more  information,  please  call 
Belden  COT  Networking 
at  1-800-262-9334. 


To  accomplish  Beyond  10G™  performance,  we’ve  developed  four 
totally  new  enabling  technologies  —  technologies  that  allow 
the  Belden  IBDN  System  10GX  to  deliver  guaranteed  performance 
up  to  625  MHz. 
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skills],” he  says. 

For  those  companies  that  want 
more  targeted  help  —  monitoring 
the  network  to  ensure  a  specific 
application  gets  priority  —  find¬ 
ing  a  service  provider  is  more 
complicated.  Business  process 
management  (BPM)  is  todays 
label  for  such  advanced  network 
management.  Many  outsourcers, 
such  as  Capgemini  and  EDS,  offer 
what  they  call  business  process 
outsourcing.  However,  this  term 
generally  refers  to  software-as-a- 
service  outsourcing  of  an  enter¬ 
prise-scale  application, such  as  for 
human  resources,  call  centers  or 
payroll. 


Go  online  for  tips  on  how  to  pick  a 
managed  service  provider  for  your 
New  Data  Center  infrastructure. 

www.nwdocfinder.coin/4025 


True  BPM,  in  the  network  man¬ 
agement  sense,  can  still  be  hired 
out  for  your  existing  infrastruc¬ 
ture,  but  as  of  today  would  likely 
involve  a  lot  of  custom  coding. 
Dimension  Data  offers  such  a 
service,  loosely  calling  it  “drill¬ 
down  monitoring,”  Duvoisin  says. 
Such  would  be  used,  for  exam¬ 
ple,  for  a  customer  who  wants  to 
track  the  performance  of  an 
Oracle  database,  down  to  the 
transaction  level,  as  transactions 
move  through  the  application, 
across  the  network  and  back  to 
the  database. 

To  do  so  Dimension  Data  could 
build  “synthetic  transactions”  that 
log  transaction  time  and  other 
metrics,  and  then  host  a  metrics 
repository  for  the  customer  to 
access  and  analyze. 

But,  while  most  net  executives 
would  love  help  with  BPM, early 
adopters  of  advanced  support 
aren’t  sure  the  outsourcers  are 
ready  to  provide  it.“In  the  group 
we  support,  some  of  the 
processes  are  generic  and  prob¬ 
ably  could  be  monitored  [by  an 
outsourcer] ,”  Kirkland  says.  “But 
70%  are  not. They  are  specific  to 
the  delivery  of  the  product,  and  I 
question  if  an  outsourcer  could 
do  that.”  ■ 


YOUR  BRANCH  OFFICES 
ARE  GROUNDED  — AGAIN. 


Eliminate  application  delays  with  the  market  leader. 

With  Packeteer  WAN  optimization  appliances,  your  business-critical  applications  are 
cleared  for  take-off.  They  give  you  monitoring,  control,  acceleration,  and  management 
all  in  one,  convenient  appliance.  What's  more,  you  can  control  recreational  and 
malicious  traffic  to  further  improve  employee  productivity.  The  result?  Faster  access  to 
business-critical  applications  and  happier  branch  office  users. 

To  learn  more,  please  visit  www.packeteer.com/takeoff. 


FREE 

SURVIVAL 


APPLICATION 
PERFORMANCE 
SURVIVAL  GUIDE 
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Performance  Suh 
Guide  now* 


er.  Packeteer  and  the  Packeteer  logo  are  registered  trademarks  of  Packeteer  Inc.  All  rights  reserved.  All  other  product  or  company  names  are  the  prop  fiy  o*  i*  ■  *  r 


www.networkwarld.com/supp/SOOB/ndc/ 


June 


imi? 


||||M  |g 


Network  execs  may  need  up  to  three  layers  of 
tool  sets  to  ensure  great  application  performance 


BY  DENISE  DUBIE 

ike  veteran  poker  players,  network  j 
executives  have  long  depended  on  a  r- 
mix  of  skill,  instincts  and  just  plain  luck  * 
to  predict  application  performance. 

With  business  success 
hanging  in  the  balance, 
however, todays  stakes  are  too  high  for  a  gamble 
on  application  optimization. 

Fortunately  today’s  network  executives  can  deliver  optimized  appli¬ 
cation  performance  across  local-  and  wide-area  networks  using  a 
variety  of  technologies,  and  can  spot  slowdowns  in  real  time  using 
tactical  tools.  In  fact,  when  planning  their  New  Data  Center  infra¬ 
structure,  network  executives  must  incorporate  application  opti¬ 
mization  technologies.  The  challenge  is  collecting  the  right  mix  of 
technologies  and  tools  for  a  winning  hand. 

'Application  management  software  is  great  when  you  are  working 
with  a  constrained  pipe.  But  if  you  are  dealing  with  application  traf¬ 
fic  on  the  Internet,  it  becomes  a  whole  new  game,”  says  Bruce 
Meyer,  senior  network  engineer  at  ProMedica  Health  System  in 
Toledo.  Ohio. 

Meyer  invested  in  a  Nortel  Application  Switch  2208  to  get  a  better 
Hew  of  the  application  traffic  consuming  bandwidth  among  some 
9,000  users  at  209  healthcare  facilities.  He  couples  it  with  an  open 
source.  Linux-based  reporting  tool  to  get  stats  on  top  talkers  and 
bandwidth  consumption.  The  application  switch,  deployed 
between  a  gateway  router  and  the  firewall, can  classify  more  than 
90%  of  network  and  application  traffic  and  apply  predefined  use 
policies  to  guarantee  that  critical  application  trafficsuch  as  radi¬ 
ology  services,  gets  priority'  over  traffic  such  as  peer-to-peer  chats,he 
says. 

“if  vou  know  what's  traveling  over  your  network,  you  can  better 
•;ortu;-i!  application  flows  and  offer  higher  availability  and  better 
i  c  dor;  Udi  ice  for  business  apptfc«i  ions, "Meyer  says.“No  one  has  told 
r  the  business  need  for  Tunes  yet." 

'  ‘"9 yi  , eft-  yi';  ■  V  -  . 

w  -<  -flail  liy  is  not  alone  in  hwtjuist  to  better  understand  appli- 
.  ns  L  diet  Across  enterprises,  the  urgency  of  that  task  continues 
•  'nittpt.y  as  data  center  consolidation  thrives,  telecommuting 

."•ws .  n.-j  complex  distributed  applications  flourish.  Whether  used 
>  own  or  in  concert  with  others,  the  tools  available  today 
L :  on  •?.  w  ay  or  another  tell  network  executives  how  to  design 
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If  you  know  what’s 
traveling  over  your 
network,  you  can  bet¬ 
ter  control  application 
flows  and  offer  higher 
availability  and  better 
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FOR  ONCE,  MANAGEMENT 
THAT  MAKES  THINGS  SIMPLE. 


The  IBM  eServer™  xSeries®  226  Express  helps  you  manage 
your  current  servers  from  a  single  console.  That’s  simple. 
And  together  with  Intel®  Xeon®  Processors,  the  x226  can 
help  meet  your  business  needs  now  and  as  you  grow. 
That’s  smart.  The  x226  can  even  alert  you  to  potential 
hard  drive  problems  up  to  48  hours  in  advance.  With  IBM, 
innovation  comes  standard.  It’s  that  simple. 


IBM  eServer  xSeries  226  Express 


Great  for  file,  print,  remote  office,  and  collaboration. 

From  $919 

Up  to  two  Intel®  Xeon®  Processors  3.40GHz  2MB  L2  Cache 

IBM  Director  monitors  the  system  and  provides  alerts 

Up  to  16GB  PC2-3200  DDR  II  memory 

Up  to  1.8TB  Hot  Swap  SCSI  storage 

Limited  warranty:  up  to  3  years  on-site1 


IBM  eServer  xSeries  236  Express 
From  $2,005 

IBM  Financing  Advantage  only  $63/month? 


IBM  eServer  xSeries  346  Express 
From  $2,025 

IBM  Financing  Advantage  only  $64/month’ 


Up  to  two  Intel®  Xeon®  Processors  3.80GHz  2MB  Up  to  2.7TB  using  300GB  Hot  Swap 
L2  Cache  SCSI  HDDs 


Light  Path  Diagnostics  pinpoints  hardware 
problem  areas 

Up  to  16GB  PC2-3200  DDR  II  memory 


Redundant  power  capable 
Limited  warranty:  3  years  on-site- 


Up  to  two  Intel®  Xeon®  Processors  Predictive  Failure  Analysis  and  Light  Path 
3.80GHz  Diagnostics  help  provide  easy 

Two-way  2U  rack  server  identification  of  hardware  problems 

Up  to  16GB  DDR  II  memory  Limited  warranty:  3  years  on-site' 

using  8  DIMM  slots 


RAID  Card.  At  no  extra  charge. 

Purchase  a  select  IBM  eServer  xSeries  Express  server  and  you  can  receive  a  RAID  upgrade  at  no  additional  charge.  Offer  is  good  for  a 
limited  time  only  and  subject  to  availability  on  the  following  systems:  x206m  Express,  x226  Express,  x236  Express,  and  x346  Express. 


ibm.com/systems/innovate30  1866-872-3902  mention  104CE20E 


*AI!  prices  are  IBM's  estimated  retail  selling  prices  as  of  April  17, 2006.  Prices  may  vary  according  to  configuration.  Resellers  set  their  own  prices,  so  reseller  prices  to  end  users  may  vary.  Products  are  subject  to  availability.  This  document 
was  developed  for  offerings  in  the  United  States.  IBM  may  not  otter  the  products,  features,  or  services  discussed  in  this  document  in  other  countries.  Prices  subject  to  change  without  notice.  Starting  price  may  not  include  a  nad  d.i 
operating  system  or  other  features.  Contact  your  IBM  representative  or  IBM  Business  Partner  tor  the  most  current  pricing  in  your  geography.  1.  IBM  hardware  products  are  manufactured  from  new  parts,  or  new  and  serviceable  used  pad:. 
Regardless,  our  warranty  terms  apply.  For  a  copy  of  applicable  product  warranties,  write  to:  Warranty  Information,  PO.  Box  12195,  RTP,  NC  27709.  Attn:  Dept.  JDJA/8203.  IBM  makes  no  representation  or  warranty  regarding  third-pir’v 
products  or  services,  including  those  designated  as  ServerProven  or  ClusterProven.  Telephone  support  may  be  subject  to  additional  charges.  For  on-site  labor,  IBM  will  attempt  to  diagnose  and  resolve  the  problem  remotely  Worn  seruio  , 
a  technician.  On-site  warranty  is  available  only  for  selected  components.  Information  about  non-IBM  products  is  obtained  from  the  manufacturers  of  those  products  or  their  published  announcements.  IBM  has  not  tested  those  products 
and  cannot  confirm  the  performance,  compatibility,  or  any  other  claims  related  to  non-IBM  products.  Questions  on  the  capabilities  of  non-IBM  products  should  be  addressed  to  the  suppliers  of  those  products.  2.  IBM  Q.  ta  Financing 
offerings  are  provided  through  IBM  Credit  LLC  in  the  United  States  and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and  government  customers.  Monthly  payments  provided  are  lor  planning  purpj:  r  eniy 
and  may  vary  based  on  your  credit  and  other  (actors.  Lease  offer  provided  is  based  on  a  FMV  lease  ot  36  monthly  payments.  Other  restrictions  may  apply.  Rates  and  offerings  are  subject  to  change,  extension  or  withdraws:  w-riou!  nonce 
3.  Otter  subject  to  the  complete  terms  of  the  IBM  eServer  xSeries  Express  server  and  RAID  promotion.  IBM,  the  IBM  logo.  eServer  and  xSeries  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in 
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continued  from  page  68 

their  networks  for  applications  and  instrument  applications 
for  their  particular  networks. “There  is  a  lot  more  intelli¬ 
gence  available  today  about  how  the  application  uses  the 
network  and  how  the  network  can  make  the  application 
more  responsive,  robust  and  reliable,”  says  Joe  Skorupa,  a 
research  director  at  Gartner. 

Accelerators,  switches  and  software  -  oh  my 

With  such  stakes,  it’s  no  surprise  that  network  gear  and 
management  vendors  are  pitching  product  packages  for 
eliminating  application  performance  woes.  For  example, 
Cisco  has  its  Network  Application  Performance  Analysis 
push,  while  HP  has  Adaptive  Enterprise.  And  that’s  not  stop¬ 
ping  newcomers,  such  as  Certeon  and  Symphoniq,  from 
pursuing  the  optimization  market. 

Opportunities  should  be  plentiful,  regardless.  “Most  net¬ 
work  managers  are  going  to  need  two  or  three  clusters  of 
tool  sets  to  adequately  attack  this  problem  in  the  data  cen¬ 
ter  and  across  the  WAN,” says  Dennis  Drogseth,a  vice  pres¬ 
ident  with  Enterprise  Management  Associates.  “They  need 
visibility  into  application  performance, usage  and  behavior 
as  well  as  active  capabilities  that  can  take  action  in  real 
time.  It  will  be  like  Lego  pieces  coming  together  —  a  mon¬ 
itoring  product  sees  the  performance,  an  accelerator  trig¬ 
gers  a  policy  to  ensure  service  delivery  and  an  analytics 
tool  comes  into  play  for  planning.” 

Application  acceleration  and  WAN  optimization  devices 
perform  a  series  of  tasks,  from  compression  to  caching  to 
server  load  balancing.  The  goal  is  ensuring  remote  and 
branch  office  users  don’t  suffer  performance  degradations. 

Traffic-analysis  products  from  network-sawy  vendors 
including  Network  General,  Network  Physics,  NetQoS,  Net- 
Scout  and  Visual  Networks  (recently  acquired  by  Fluke 
Networks)  can  deliver  application  flow  data,  detailing  the 
paths  and  hops  application  traffic  takes  between  user 
requests  to  back-end  systems. 


More  hardware  options  come  in  the  form  of  application 
switches  from  Cisco,  Extreme  Networks  and  Nortel.  An 
application  switch  acts  as  a  proxy  for  Web  applications  and 
servers  sitting  behind  it.  Users  can  virtualize  an  unlimited 
number  of  back-end  Web  applications  and  servers,  provid¬ 
ing  better  availability  scaling  and  performance. 

In  the  software  realm,  application  performance  manage 
ment  software  from  BMC  Software,  CA,  HP  and  IBM  provide 
infrastructure  monitoring,  critical  to  understanding  the 
resources  applications  consume.  Now  the  big  four  —  with 
EMC  SMARTS  and  Opsware  —  are  augmenting  their  suites 
with  application-discovery  and  dependency-mapping 
technologies  (see“NDC  Insight,”  page  86). These  tools, simi¬ 
lar  to  tools  from  specialty  start-ups  such  as  nLayers,  prom¬ 
ise  quick  views  of  the  sources  of  performance  slowdowns 
through  topological  maps. 

Tools  that  monitor  users,  from  companies  such  as  Re- 
flectent  (acquired  by  Citrix),  Coradiant  and  ProactiveNet, 
address  the  most  critical  element  to  many  network  execu¬ 
tives  —  the  customer  experience  with  an  application.  And 
don’t  forget  predeployment  profiling, testing  and  emulation 
tools  from  Apposite  Technologies,  Compuware,  Mercury 
Interactive  and  Shunra.They  equip  network  managers  with 
knowledge  of  network  and  application  performance 
before  an  application  rollout. 

“IT  managers  are  warming  up  to  the  idea  of  spending 
more  time  with  an  application  upstream,  in  predeploy¬ 
ment,  to  ensure  better  performance  on  the  live  network,” 
says  Jean-Pierre  Garbani,  a  research  director  with  Forrester 
Research.“But  still  it’s  not  enough,  because  often  the  rush 
to  roll  out  the  app  limits  the  testing,  and  inevitably  per¬ 
formance  problems  crop  up  later? 

Be  the  user 

Among  the  din  of  product  pitches  and  business  de¬ 
mands,  network  executives  must  hear  one  voice  above  the 
rest  —  that  of  the  user. 

“We  have  come  a  long  way  from  how  we  used  to  manage 


applications.  In  the  past,  we  really  did  more  element  man¬ 
agement,  focusing  on  managing  the  servers  that  hosted  the 
application,”  says  Jean-Philippe  Draye,  a  system  architect 
with  Avaya’s  IT  department,  just  outside  of  Brussels, 
Belgium.“Now  we  realize  we  need  to  be  the  end  user” 

Capturing  the  experience  a  user  has  with  an  application 
has  long  been  the  Holy  Grail  for  application  managers,  but 
until  the  past  few  years  the  technologies  involved  in  doing 
so  required  a  lot  of  manual  work  and  human  correlation  of 
data  gathered  from  disparate  IT  resources.  Niche  vendors 
such  as  Reflectent  and  ProactiveNet  work  to  deliver  that 
perspective  by  using  advanced  analytics  and  other  tech¬ 
nologies,  such  as  client-side  agents. 

“Coupling  traffic  monitoring  with  application  perform¬ 
ance  management  from  the  end-user  perspective  is  the 
most  interesting  approach  to  tackling  this  problem,” says 
George  Hamilton,  a  Yankee  Group  research  director.“Re- 
gardless  of  how  you  build  the  network  to  support  applica¬ 
tions,  tools  that  monitor  traffic  will  give  you  a  better  look  at 
how  the  application  performs,  and  client-side  monitoring 
will  do  the  same  for  the  end-user  experience.” 

Network  managers  have  been  using  various  software 
packages  to  capture  the  user  experience  and  stop  prob¬ 
lems  in  their  tracks.  At  Avaya,  Draye  uses  a  combination  of 
management  software  products  from  HP’s  OpenView  port¬ 
folio  with  Packeteer  PacketShaper  appliances  to  gauge 
application  performance  locally,  at  distributed  locations 
and  over  the  WAN.To  get  ahead  of  performance  problems, 
HP  OpenView  Internet  Services  and  Transaction  Analyzer 
software  applications  let  Draye  set  up  about  30  worksta¬ 
tions  around  the  world  as  sample  users.The  PCs  loaded 
with  the  HP  software  monitor  about  50  applications  by  per¬ 
forming  more  than  50  simulated  transactions.  With  this 
information,  Draye  ideally  gets  a  heads-up  to  performance 
degradations  before  users  experience  a  slowdown. 

By  coupling  information  from  Packeteer’s  devices  with  the 
alerts  from  HP  software,  he  says  he  can  identify  the  nature 
of  a  performance  problem  more  quickly  “We  get  a  yellow 


The  care  and  feeding  of  an  optimized  application 

The  responsibility  for  application  performance  lies  with  multiple  IT  staffers,  from 
application  developers  to  desktop  managers.  Step  by  step  across  the  enterprise, 
here's  a  sample  of  what  tools  can  help. 


From  the  testing  lab  ... 

Application  profiling  and  WAN 
emulation  products  help  network 
managers  determine  before  deploy¬ 
ment  how  well  an  application  will 
work  on  the  existing  network,  if  code 
should  be  tweaked  and  if  upgrades 
should  be  done. 


To  the  data  center  ... 

Traffic-flow  analysis  products  can 
capture  application  packets  along 
their  path  from  request  to  service 
delivery.  Application  dependency 
mapping  tools  will  show  how  an 
application  touches  and  uses  data 
center  resources. 


fnnnnnnnJ^ 


QffilD 


Ouer  the  WAN  ... 

Application-acceleration  technologies 
package  application  traffic  for  the  high- 
latency,  bandwidth-constrained  trip  back  and 
forth  between  clients  and  servers  over  the 
wide  area  to  branch  offices  and  mobile  and 
remote  workers. 


as 


To  user  desktops. 

Client-side  performance- 
monitoring  tools  depend  on 
software  in  the  desktop,  laptop  or 
browser  to  capture  application 
response  times  to  user  requests. 
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flag  from  OpenView  Internet  Services, and  based  on  metrics 
we  can  determine  if  the  application  is  slowing  down  glob¬ 
ally  or  just  for  one  location  —  and  whether  it’s  a  problem 
with  the  application  or  with  the  network,”  Draye  says. 

While  many  network  managers  work  to  tweak  applica¬ 
tions  in  the  data  center,  others  focus  on  speeding  the  appli¬ 
cation  over  WAN  links.Today  these  functions  remain  rela¬ 
tively  separate, but  industry  watchers  say  a  poorly  designed 
application  can  wreak  havoc  on  a  LAN  or  WAN. 

“Unless  you  do  a  really  good  job  structuring  the  applica¬ 
tion  on  the  back  end.it  can  increase  traffic  and  become  a 
performance  nightmare  on  the  network,”  Gartners  Skorupa 
says.“A  well-structured  app  can  actually  decrease  traffic 
and  become  a  dream." 

Some  say  the  slew  of  today’s  point  products  for  perform¬ 
ing  a  specific  task,  such  as  protocol  optimization,  will 
become  part  of  other  network  equipment.  For  example, 
Cisco’s  Application  Control  Engine  is  a  blade  that  slides 
into  its  Catalyst  6500  switches  and  performs  several  func¬ 
tions  typically  handled  by  load  balancers,  compression 
devices  and  application-acceleration  devices,  the  com¬ 
pany  says.The  blade  resides  in  a  switch  deployed  between 
a  server  and  the  WAN  to  improve  traffic  flow. 

“A  lot  of  the  acceleration  technologies  will  eventually 
become  functions  of  the  network, so  investments  in  them 
today  are  mostly  tactical  .’’Yankee’s  Hamilton  says. 

Until  the  worlds  collide  and  acceleration  becomes  part  of 
the  plumbing  or  developers  discover  how  to  design  appli¬ 
cations  for  optimal  WAN  travels,  network  managers  have 
plenty  of  choices  in  acceleration  and  optimization  tech¬ 
nologies.  Large  vendors  such  as  Juniper  Networks  down  to 
newer  players  such  as  Crescendo  Networks  are  hammering 
away  at  the  problem,  delivering  products  hand  over  fist  to 
address  chatty  protocols  and  network  latency  issues. 

And  companies  such  as  Packeteer  are  adding  to  their 
capabilities  through  acquisitions.  Packeteer,  known  as  an 
application  traffic-management  vendor,  did  so  by  buying 
Tacit  for  its  wide-area  file  services  technology. 

At  Rockwell  Automation,  1 10  of  Packeteer’s  PacketShaper 
appliances  help  manage  traffic  worldwide,  says  Dan 
Hanke,  global  network  infrastructure  manager  at  the 
Milwaukee  company  The  appliances  let  him  give  priority  to 
business-critical  traffic  while  still  allowing  employees  to 
use  noncritical  applications. 

“We  didn’t  want  to  lock  out  all  application  traffic  —  if  an 
employee  does  online  banking  during  his  12-hour  day  we 
are  OK  with  that,”  Hanke  says.  “But  we  wanted  to  size  our 
links  appropriately  so  spikes  in  one  type  of  application  traf¬ 
fic  from  one  user  wouldn’t  affect  performance  of  other 
applications.” 

Hanke  represents  a  good  example  of  how  application 
optimization  should  be  considered.  While  the  products, 
approaches  and  performance  demands  vary,  industry 
watchers  say  network  managers  need  to  remember  the 
technologies  available  today  are  ultimately  designed  to 
enable  the  peaceful  coexistence  of  many  applications. 

“Application  management,  acceleration  or  optimiza¬ 
tion  tools  should  help  customers  prioritize  and  cus¬ 
tomize  how  their  network  and  applications  work  togeth¬ 
er, "Yankee’s  Hamilton  says.“No  one  application  should 
be  set  above  the  rest  and  sacrifice  the  performance  of 
the  others.  These  technologies  should  help  network 
managers  accommodate  many  applications  traversing 
the  network.”  ■ 
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Perfecting  app  performance 

To  optimize  performance,  net  execs  must  manage  an  application  through¬ 
out  its  life  cycle,  from  predeployment  to  the  user  desktop.  The  following 
technologies  can  help. 

APPLICATION  PROFILING:  Available  from  companies  such  as  Compuware,  Mercury  Interactive,  NetlQ  and 
Opnet,  these  software  tools  help  network  managers  work  with  application  developers  by  simulating  how  new  or 
revised  applications  would  run  if  deployed  on  an  existing  or  upgraded  network.  By  posing  what-if  scenarios  and 
exploring  various  options,  network  managers  and  application  developers  can  determine  an  application's  foot¬ 
print,  chattiness  and  bandwidth  needs  and  prevent  an  application  from  running  poorly  because  of  the  application 
configuration  or  because  network  bandwidth  is  lacking. The  software  sits  on  a  dedicated  workstation  or  server. 

WAN  EMULATION:  These  products,  from  companies  such  as  AppositeTechnologies  and  Shunra,  let  IT  man¬ 
agers  test  whether  the  application  can  withstand  the  increased  performance  demands  of  the  wide  area.  For 
instance,  Shunra 's  Virtual  Enterprise  runs  transactions  over  a  production  network  and  measures  the  perform¬ 
ance  of  the  application  against  predefined  service-level  metrics.The  technology  also  runs  network  impair¬ 
ments,  such  as  latency,  packet  loss  and  utilization,  against  the  application  to  test  its  merit  against  changing 
network  conditions. 

With  Apposite's  WAN  emulator,  network  equipment  and  applications  that  would  be  used  on  opposite  ends  of 
the  WAN  link  are  installed  on  either  side  of  the  emulator.  Users  then  configure  the  bandwidth,  latency,  packet 
loss  rate,  bit  error  rate  and  other  parameters,  and  the  WAN  emulator  applies  these  characteristics  to  the  traffic. 

TRAFFIC-FLOW  ANALYSIS:  Companies  such  as  Network  General,  Network  Physics,  NetQoS  and  NetScout 
deliver  products  that  help  network  managers  monitor  application  traffic  in  real  time.  Network-management 
tools  that  incorporate  traffic  monitoring,  packet  capture,  bandwidth  consumption  and  protocol  analysis  can 
show  network  managers  the  path  of  application  packets. The  response  time  at  hops  along  the  way  remains  a 
critical  metric  to  measure,  and  IT  managers  should  track  such  statistics  consistently  for  capacity  planning 
and  trend  analysis. 

Such  traffic-analysis  tools,  which  can  passively  monitor  traffic  using  probes  distributed  on  key  servers  or 
strategically  throughout  a  network,  also  can  give  network  managers  a  real-time  view  of  performance  across  IT 
silos  such  as  servers,  storage,  databases  and  the  network. 

APPLICATION  DISCOVERY  AND  DEPENDENCY  MAPPING:  This  technology  is  becoming  the  must-have  tool 
for  management  vendors  such  as  BMC  Software,  CA,  EMC  SMARTS,  HP,  IBM,  Mercury  and  Opsware,  and 
is  attracting  such  newcomers  as  Cendura, Tideway  and  nLayers.The  idea  behind  this  technology  is  that  net¬ 
work  managers  can't  manage  application  performance  adequately  without  first  knowing  what  they  have  and 
when  it's  changed. 

While  the  approach  —  with  software  or  appliances  —  varies,  the  technology  passively  monitors  traffic  to  dis¬ 
cover  which  applications  talk  to  which  servers,  for  instance.  Application  dependency  mapping  technology  can 
represent  the  servers,  databases,  routers  and  user  machines  associated  with  an  application.  It  also  can  show 
whether  a  problem  on  one  link  in  the  chain  will  affect  service  delivery  to  the  user. The  data  collected  by  the  soft¬ 
ware  also  can  populate  a  configuration-management  database. 

APPLICATION  ACCELERATION:  Gartner  breaks  down  this  general  category  into  two  product  types:  applica¬ 
tion  delivery  controllers  (ADC)  and  WAN  optimization  controllers  (WOC).  ADCs  reside  in  the  data  center 
and  are  deployed  asymmetrically,  meaning  only  on  the  data  center  end  (much  like  Cisco’s  recent  Application 
Control  Engine  release),  Gartner  says.  ADCs  can  accelerate  user  performance  of  browser-based  and  related 
applications  by  providing  several  technologies  that  work  at  the  network  and  applications  layers.  On  the  other 
hand,  WOC  products  are  deployed  symmetrically  on  either  end  of  a  WAN  link  and  improve  the  performance  of 
applications  accessed  across  the  WAN. The  technologies  typically  address  bandwidth  consumption,  latency 
and  protocol  issues. 

Besides  Cisco,  companies  offering  products  in  this  category  include  Blue  Coat  Systems,  Citrix  Systems, 
Expand  Networks,  F5  Networks,  Juniper  Networks,  Orbital  Data,  Packeteer,  Riverbed,  Silver  Peak  Systems 
and  Stratacache. 

CLIENT-SIDE  PERFORMANCE  MONITORING:  Determining  user  experience  is  not  a  new  technology  area. 

Adlex,  BMC,  Coradiant,  CA,  HP,  IBM  and  Ipsum  offer  tools  to  measure  application  performance  for  users  by 
tracking  real  traffic.  For  real  user  traffic  testing,  measurement  tools  often  use  appliances  or  software  probes  to 
monitor  passively  all  client  and  data  center  interactions  by  attaching  to  a  mirror  port  on  the  edge  router  in  a 
data  center.  Synthetic  Web  application  and  site-performance  measurement  tests  from  Keynote  and  Gomez  use 
agents  distributed  throughout  the  Internet  to  determine  how  a  Web  site  and  the  applications  running  on  it  react  \ 
to  peak  loads  and  various  geographies. 

An  innovative  approach  to  making  sure  users  are  getting  peak  application  performance,  industry  watchers 
suggest,  could  be  to  install  agents  on  desktops  and  laptops  to  capture  application  performance  by  the  real- 
world  user.  Companies  such  as  Reflectent  (recently  acquired  by  Citrix)  use  server  and  distributed  agent  soft¬ 
ware  that  collect  real-time,  user-level  performance  data  on  the  client  machine.The  software  measures  the  actu¬ 
al  experience  of  a  user  with  the  application,  a  metric  that  has  been  challenging  to  capture. 

—  Denise  Dubie 
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Automating 


The  New  Data  Center  demands  easier, 
more  reliable  change-management  processes. 

BY  JOANNE  CUMMINGS 


here’s  an  adage  that  says  change  is  the  only  constant.  Still,  every  IT  exec¬ 
utive  knows  constant  change  wreaks  havoc  on  a  complex  IT  environment.  In 
fact,  IDC  and  Gartner  report  that  70%  to  80%  of  IT-related  problems  are  directly 
attributable  to  changes  made  to  the  environment. 


Mark  Etherington,  global  head  of  distributed  computing 
at  JPMorgan  Chase,  New  York,  sees  it  firsthand.  His  firm 
makes  thousands  of  changes  to  its  30,000server  environ¬ 
ment  each  month.  Like  many  financial  firms,  JPMorgan 
sometimes  imposes  change  freezes  at  the  end  of  the 


month  or  quarter  to  ensure  optimal  systems  availability 

“When  we  have  a  change  freeze,  we  see  a  reasonably 
dramatic  drop-off  of  issues  in  the  environment,”  Ethering¬ 
ton  says.“So  we’re  faced  with  a  conundrum.  Do  we  prevent 
change  to  increase  availability  or  do  we  work  out  how  to 
manage  large  numbers  of  changes  better?  The  way  to 
attack  this  problem  is  to  make  change  a  safer  practice.” 

The  problem  is  compounded  as  firms  move  to  New  Data 
Center  technologies,  such  as  virtualization. ‘As  you  build  a 
more  complex  infrastructure  to  support  things  like  server 
virtualization, you  may  think  it’s  OK  to  be  sloppysince  virtu¬ 
alization  guarantees  the  service  availability  to  some 
degree,”  says  Richard  Fbtocki,  department  manager  of  IT 
operations  at  Erie  Insurance,  in  Erie,  Pa.  No  one  would 
notice  if  25  out  of  thousands  of  servers  fail  because  virtual¬ 
ization  would  cover  for  them. “But  ...  an  environment  that 
allows  me  to  be  that  sloppy  has  to  be  very  complex.To  man¬ 
age  that  complexity  to  make  sure  it  works  properly  you  need 
to  have  really  good  change  management,” says  Fbtocki,  who 
has  automated  change  management  across  his  285  servers. 

Good  change  management  relies  on  automation, specifi¬ 
cally  automating  the  change-management  process  while 
following  the  best  practices  laid  out  within  the  ITIL,  users 
say  Strict  IT  business  processes  implemented  via  automa¬ 
tion  can  increase  the  success  rate  of  change,  thereby  re¬ 
ducing  the  number  of  changes  necessary  eventually  result¬ 
ing  in  increased  service  levels  across  the  board. 

But  getting  to  that  point  isn’t  easy  Many  tools  provide 
some  automation  but  not  of  the  entire  change-manage¬ 
ment  process.  Ultimately  end-to-end  change-management 
capabilities  should  come  from  larger  firms,  such  as  BMC 
Software,  CA,  HRIBM  and  Symantec.  Each  of  these  compa¬ 
nies,  for  example, is  integrating  the  appropriate  technology, 
often  gained  through  acquisition,  into  their  product  lines. 

Before  choosing  a  change-management  product,  get  a 
handle  on  current  processes  to  ensure  that  they  are  as  effi¬ 
cient,  manageable  and  auditable  as  possible,  users  say“You 

See  Change,  page  74 
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Because  with  IBM  Express,  innovation  comes  standard.  That’s  true  for  servers, 
storage  and  printers.  What’s  more,  you  can  keep  your  technologies  current 
while  helping  to  reduce  costs  -  through  IBM  Global  Financing. 

All  things  considered,  an  I.T.  hero  deserves  nothing  less. 
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IBM  eServer  xSeries  366  Express 
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2GB  memory,  expandable  to  64GB 
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IBM  TotalStorage  3580  Express 

Helps  protect  LTO™  investment 


Built  on  Ultrium™  3  technology 

Read/write  compatible  with  Ultrium  2  drives 
-  read  compatible  with  Ultrium  1  drives 

Up  to  800GB  cartridge  capacity 
with  2:1  compression1 

Limited  warranty:  3  years  on-site® 


From  $6,399* 

IBM  Financing  Advantage 

Only  $227/month4 
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IBM  Financing  Advantage 

Only  $168/month'* 


Complimentary  IBM 
Systems  Advisor  Tool. 

Tell  the  IBM  Systems  Advisor 
what  your  IT.  needs  are.  And 
it  will  automatically  customize 
a  server/storage  system  that’s 
right  for  you. 
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CfVSDB  tools  guide 

Most  big  systems  vendors  are  working  toward  fully  integrated, end-to- 
end  change-management  database  platforms. 


Product  Discovery 

method 

Fully  integrated 
Cfrom  approvals 
to  rollback]? 

Differentiator 

BMC’s  Change  and 

Configuration 

Management 

Agent-based 
and  agent-less 

Newly  available,  with  its 
Closed  Loop  capability; 
fully  integrated. 

CMDB  is  integrated 
with  Remedy  Service 
Desk;  includes  storage 
discovery;  mainframe 
discovery  planned. 

CA's  Harvest, 
AIIFusion  Endevor, 
Unicenter  Software 
Delivery,  Clarity 

Project  Manager 

Agent-less 

Due  in  2006. 

Includes  automated 
project  and  portfolio 
management  via  Clarity. 

HP's  OpenView 
Change  and 
Configuration 
Management,  Open- 
View  Service  Desk 

Agent-based 
and  agent-less 

Acquired  Peregrine  tech¬ 
nology;  not  fully  integrated. 

Strong  workflow  via 
Peregrine;  active  CMDB 
technology  uses  desired 
state  model  to  ease  roll¬ 
back,  standardization. 

IBM's  CCMDB,  plus 
Tivoli  Configuration 
Manager  and  Tivoli 
Provisioning  Manager 

Agent-based 
and  agent-less 

Due  June  30. 

Collation  adds  auto-dis- 
covery  and  application 
mapping;  emphasizes 
WebSphere  workflow. 

Symantec's  Veritas 
Configuration 

Manager,  Veritas 
Provisioning  Manager 

Agent-based 

Still  integrating  Relicore 
technology  (Veritas 
Configuration  Manager) 
with  Veritas  Provisioning 
Manager  for  auto  rollout. 

Relicore  is  the 
market-leading  CMDB. 

Change 

continued  from  page  72 

have  to  understand  what  you  want  and  put  it  in  the  right 
context.  Otherwise,  you  tend  to  lose  focus,”  says  Stephen 
Ashton,  London  CIO  at  Dresdner  Kleinwort  Wasserstein,  a 
global  investment  bank  that  runs  10  data  centers. 

ITIL  comes  in  by  spelling  out  best  practices  for  six  main 
IT  business  processes  —  configuration,  incident,  problem, 
change,  service/help  desk  and  release  management  — 
aimed  at  providing  operational  efficiencies.  A  truly  auto¬ 
mated  change-management  process  includes  elements  of 
each  of  these  six.  For  example,  you  can’t  make  a  change 
without  first  addressing  how  it  would  affect  the  environ¬ 
ment,  and  you  can’t  do  that  unless  you  know  what  ele¬ 
ments  are  in  your  environment  and  their  dependencies. 
This  is  configuration  management,  for  which  ITIL  specifies 
the  use  of  a  configuration-management  database  (CMDB). 

Similarly  many  changes  are  designed  to  fix  problems  in 
the  environment,  so  processes  and  tools  that  tie  into  inci¬ 
dent,  problem  management  or  help  desk  systems  are  key. 
And  once  a  change  has  been  approved, tying  it  to  an  auto¬ 
mated  release-management  system  ensures  that  its  rollout 
is  controlled,  tested  and  auditable.  Each  ITIL  best  practice 
provides  key  functionality  and  accountability  to  the  overall 
c  cange-management  system,  which  is  paramount  for  or¬ 


ganizations  facing  compliance  issues. 

“If  you  look  at  the  procedures  investment  banks  have 
gone  through  with  Sarbanes-Oxley  compliance,  you  find 
things  where  you  thought  you  had  controls,  but  you  haven’t 
got  evidence.  We’ve  been  working  on  the  levels  of  applica¬ 
tion,  general  and  entity-level  controls,  and  the  ITIL  frame¬ 
work  is  a  good  response,  especially  in  change  manage¬ 
ment,”  Ashton  says. 

Users  say  automating  change  can’t  work  without  a 
CMDB,  because  automation  requires  a  good  map  of  your 
environment  (see  NDC  Insight,  page  86).  In  a  sense,  the 
CMDB  is  a  huge  database  that  keeps  track  of  every  config¬ 
uration  item  —  be  it  hardware, such  as  a  router,  or  software, 
such  as  an  application  release  —  in  an  environment.lt  also 
maps  the  dependencies  among  these  items.  So,  if  an  appli¬ 
cation  running  on  one  server  depends  on  a  database  on 
another  server  and  uses  a  security  appliance  running  else¬ 
where, then  the  CMDB  shows  all  of  those  connections. 

The  problem  has  been  getting  that  level  of  information  in 
a  single  view  and  keeping  it  current.Today,  there  are  sever¬ 
al  CMDB  wares  that  provide  automated  discovery  of  con¬ 
figuration  items  and  automated  mapping  of  application 
dependency.  These  include  products  from  BMC,  CA, 
Cendura,  HP  IBM,  nLayers,  Mercury  Interactive,  Symantec 
and  Tideway  Systems. 

The  tools  differ,  however,  in  their  breadth  and  methodol¬ 


ogy  For  example, CMDBs  can  use  agent-based  or  agent-less 
discovery  Agent-based  systems  typically  gather  more  de¬ 
tailed  diagnostics  and  can  be  a  good  choice  for  critical  in¬ 
frastructure,  JPMorgan’s  Etherington  says.  But  in  cases  in 
which  business  units  may  be  adding  gear  without  IT’s 
knowledge,  agents  are  at  a  disadvantage.  The  CMDB  can’t 
work  properly  if  agents  never  get  installed.  So  the  agent-less 
method  is  the  choice  at  JPMorgan,  which  is  conducting  a 
large-scale  discovery  using  Tideway’s  Foundation,  he  says. 

Others  say  a  hybrid  approach,  in  which  some  discovery  is 
performed  via  agents  while  the  rest  is  done  agent-less,  is 
best.  For  example,  IBM’s  Change  and  Configuration  Man¬ 
agement  Database  (CCMDB)  uses  Collation’s  agent-less 
discovery  and  combines  that  data  with  information  gath¬ 
ered  from  its  various  enterprise  monitoring  systems,  which 
are  agent-based. This  lets  users  receive  more  in-depth  infor¬ 
mation  from  critical  pieces  of  the  infrastructure  while 
ensuring  that  no  piece  goes  undiscovered.  Still  the  agent¬ 
less  crowd  contends  that  full  agent-less  systems  are  best, 
because  they  save  IT  the  hassle  of  having  to  deploy  agents 
on  various  boxes  throughout  the  environment. 

When  it  comes  to  breadth,  most  CMDBs  can  discover  and 
map  a  wealth  of  server-based  software,  says  Paul  Schaap- 
man,  manager  of  technical  services  at  the  VA  Farm  Bureau 
in  Richmond,  Va.  “But  there  are  some  applications  they 
can’t  detect  yet,  especially  the  legacy  ones.” 

IBM  contends,  however,  that  its  use  of  agent-based  tech¬ 
nologies,  combined  with  Collation’s  agent-less  discovery, 
covers  all  the  bases.  Meanwhile,  BMC  rolled  out  bolstered 
storage  discovery  capabilities  last  month  and  plans  to  re¬ 
lease  support  for  mainframe  discovery  in  the  fall,  it  says. 

Once  a  CMDB  is  in  place,  organizations  can  tackle  auto¬ 
mating  the  rest  of  the  change-management  process.  Each 
change  can  be  analyzed  using  the  CMBD’s  application 
dependency  mapping  features  to  ensure  that  the  adminis¬ 
trators  responsible  for  supporting  each  item  affected  by  a 
change  are  informed  and  included  in  the  change-approval 
process.  The  best  tools  automate  the  whole  process,  from 
initial  request  through  final  approval.  In  some  cases,  such 
as  with  tools  from  smaller  server-focused  vendors,  final 
approval  can  actually  kick  off  an  automated  software  deliv¬ 
ery  component,  in  which  the  tool  then  rolls  out  the  change. 
The  best  tools  also  offer  some  kind  of  audit  capability  that 
tracks  the  change  rollout  and  its  success. 

Erie  Insurance  uses  BMC’s  Support  Magic  tool  to  auto¬ 
mate  discovery  and  application  mapping,  as  well  as 
approvals.  Once  a  change  is  approved,  the  tool  alerts  tech¬ 
nicians  that  they  can  roll  out  the  change.  When  they’ve  fin¬ 
ished,  they  go  back  into  Support  Magic,  answer  a  few  sim¬ 
ple  questions,  and  based  on  their  responses,  the  tool  cal¬ 
culates  a  success  rate,  Fbtocki  says.  “Now  the  techs  don’t 
feel  like  they  are  being  judged  by  management,” and  we  get 
a  reliable  audit  trail,  he  adds. 

The  whole  point  is  to  more  easily  and  reliably  document 
each  change,  track  its  approval  and  rollout,  and  then  audit 
its  success  —  all  in  an  effort  to  improve  overall  service 
delivery  to  the  business. 

“Really,  the  objective  is  to  measure  what  we  do  so  we  can 
improve, ’’Schaapman  says.“Setting  these  processes  up  posi¬ 
tions  us  for  that.That’s  our  main  driver’’ 

Cummings  is  a  freelance  writer  in  North  Andover,  Mass. 
She  can  be  reached  at  jocummings@comcast.net. 
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TRUE  OR  FALSE? 

YOUR  CAR  HAS  ADVANCED  SECURITY  AND  YOUR  DATA  DOESN'T. 


It's  smart  to  protect  the  things  you  care  about.  Ever  wonder  what  could  happen  if  your  company  suffered  a  data  breach?  It  could 

TM  TM 

come  from  inside  or  outside.  The  results  could  be  devastating.  That's  why  there's  EpiForce  from  Apani  Networks  .  It's  built  from 
the  ground  up  to  secure  data  inside  the  perimeter.  Plus,  it's  highly  scalable  and  creates  continuous,  easy-to-access  audit  trails. 
So,  you  can  lessen  the  risk  of  a  breach  and  help  protect  something  that’s  truly  valuable  -  your  future. 

To  /earn  more  about  securing  inside  the  network  perimeter,  get  a  free  copy  of  "The  Definitive  Guide  to  Security  Inside 
the  Perimeter"  from  Realtimepublishers.  sponsored  by  Apani  Networks.  Go  to  www.apani.com/nwguide 
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Preventing  rogue  services 

One  analyst’s  guide  to  managing  complex 
service-oriented  architectures. 

BY  JAMES  KOBIELUS 

ervice-oriented  architecture  is  the  shape  of  distributed  computing 
in  the  Internet  Age.  At  the  heart,  SOA  is  a  set  of  practical  approaches 
for  designing  shareable,  reusable  services.lt  lets  enterprise  IT  groups 
treat  a  decentralized,  multiplatform  environment  as  a  unified  com¬ 
puting  fabric.  But  SOA  also  is  a  mess  waiting  to  happen. 


SDA  visualization 

This  screen  shot  shows  a  typical 
visual  interface  by  which  gover¬ 
nance  tools  —  in  this  case,  from 
AmberPoint’s  Services  Console  — 
map  and  model  services. 


By  encouraging  widespread  reuse  of  scattered  soft¬ 
ware  components,  SOA  threatens  to  transform  the  enter¬ 
prise  network  into  a  complex, sprawling  unmanageable 
mesh.  Left  ungoverned,  SOA  could  allow  anyone  any¬ 
where  to  deploy  a  new  service  at  any  time,  and  invoke 
and  orchestrate  that  service  —  and  thousands  of  others 

—  into  ever  more  convo¬ 
luted  messaging  patterns. 
In  such  an  environment, 
coordinated  application 
planning  and  optimiza¬ 
tion  become  fiendishly 
difficult.  In  addition,  rogue 
services  could  spring  up 
everywhere,  passing  them¬ 
selves  off  as  legitimate 
nodes  and  wreaking 
havoc  on  the  delicate 
trust  that  underlies  pro¬ 
duction  SOA. 

SOA  governance  refers 
to  the  industry’s  efforts  to 
establish  practices  and 
tools  for  managing  this 
mesh  and  enforcing  con¬ 
sistent  security,  perform¬ 
ance  and  other  policies 
across  the  service  life 
cycle.  SOA  governance 
tools  let  organizations 
continuously  model,  map, 
monitor  and  take  control 
of  their  distributed  environments.  Effective  governance 
ensures  that  the  enterprise  SOA  complies  with  all  appli¬ 
cable  regulatory,  competitive,  operational  and  other 


baseline  requirements. 

Vendors  of  SOA  governance  tools  are  forming  industry 
associations  to  popularize  approaches  for  design-time 
and  run-time  governance.  Last  month,  many  pure-play 
vendors  of  SOA  governance  tools  formed  SOA  Link,  an 
alliance  under  which  they  pledge  to  improve  interoper¬ 
ability  among  their  products.  Founding  partners  include 
AmberPoint,  Composite  Software,  Forum  Systems,  Infra- 
vio,  Intalio,  Iona,  JBoss,  Layer  7  Technologies,  LogicBlaze, 
NetlQ,  ParaSoft,  Reactivity,  SOA  Software,  SymphonySoft, 
webMethods  and  WS02. 

Organizational  process  changes  are  critical  to  SOA 
governance,  says  Miko  Matsumura,  vice  president  of 
marketing  and  technology  standards  at  Infravio.an  SOA 
governance  tool  vendor.  “SOA  governance  depends  on 
IT  governance  processes,  under  which  SOA  projects  are 
built  to  adhere  to  business  policies,”  Matsumura  says.  In 
addition,  he  says,  SOA  project  governance  requires  gov¬ 
erning  boards  in  which  there  is  a  “clear  conversational 
basis  between  business  and  IT  personnel,  focusing  on 
business  considerations." 

Enterprise  IT  groups,  especially  at  large  companies 
with  distributed  development  teams,  also  should  imple¬ 
ment  internal  centers  of  excellence.  These  would 
spread  SOA  governance  best  practices  and  application 
design  patterns  among  developers,  Matsumura  says. 

From  a  technological  standpoint,  SOA  governance 
demands  a  comprehensive  management  infrastructure 
that  spans  the  service  life  cycle  from  planning  through 
design,  development,  deployment,  operation  and  opti¬ 
mization.  SOA  governance  vendors  will  often  character¬ 
ize  their  tools  as  appropriate  for  design-time  vs.  deploy¬ 
time  vs.  run-time  usage  (or  all  three). 

Across  the  complete  SOA  life  cycle,  governance  tools 
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assist  enterprise  IT  in  planning,  developing,  deploying, 
monitoring,  optimizing  and  controlling  their  distrib¬ 
uted,  heterogeneous  application  environments.  SOA 
governance  infrastructure  also  helps  organizations 
ensure  the  continued  performance,  reliability,  availabil¬ 
ity  and  security  of  end-to-end  business  interactions 
within  their  SOAs. 

The  principal  technological  components  of  the  SOA 
governance  infrastructure  are  visual  service  modeling 
and  administration  tools;  service  registries  and  reposi¬ 
tories;  and  service-level  management  infrastructures. 

Visual  service  modeling  and  administration  tools 

Visual  modeling  is  at  the  forefront  of  SOA  governance, 
across  all  service  life-cycle  stages.  An  SOA  development 
tool  vendor  is  more  likely  to  boast  of  its  ability  to  support 
visual  modeling  in  the  Unified  Modeling  Language  than 
development  in  Java,  O  or  any  other  declarative  program¬ 
ming  language.  In  a  complex  SOA,  visual  modeling  is  the 
most  effective  approach  for  specifying,  implementing  and 
maintaining  the  end-to-end  orchestration  logic,  policies 
and  rules  upon  which  governance  depends. 

Every  SOA  platform  and  tool  vendor  provides  visual 
modeling  tools  for  SOA  governance.  Every  SOA  consul¬ 
tancy  deploys  visual  tools  to  support  their  various  plan¬ 
ning,  development  and  other  professional  services. 


As  a  governance  approach,  visual  modeling  isn’t  re¬ 
stricted  to  SOA  design  time.  Enterprise  architects  may 
feed  run-time  metrics  from  visually  oriented  SOA  mon¬ 
itoring  tools  into  their  SOA  application  models  to 
assess  how  best  to  tweak,  modify  and  optimize  an  oper¬ 
ational  SOA.  Some  call  this  governance  phase  the  SOA 
change  time. 

Service  registries  and  repositories 

Service  registries  are  primarily  used  in  SOA  design  time, 
though  they  often  have  run-time  functions  too.  Registries 
support  development,  publishing  and  management  of  the 
service  contracts,  policies  and  metadata  that  drive  SOA 
governance.  As  such,  they  provide  a  master  control  point  — 
or  policy  enforcement  point  (PEP)  —  where  services  can 
be  registered  and  discovered  in  an  SOA. 

Registries  may  include  configuration,  compliance  and 
constraint  profiles  on  services  and  associated  software 
artifacts.  Any  repository,  database,  catalog  or  other  node 
that  facilitates  registration,  discovery  and  retrieval  of  serv¬ 
ice  contracts,  metadata  and  policies  may  be  regarded  as 
a  registry 

The  principal  service  registry  vendors  fall  into  two 
camps.  On  the  one  hand  are  pure-play  vendors,  which 
provide  service,  policy  and  metadata  registries  and 
repositories.  Flashline,  Infravio,  LogicLibrary,  SOA 
Software  and  Systinet  (a  division  of  Mercury  Inter¬ 
active)  are  some  examples.  On  the  other  hand  are  SOA 
platform  vendors,  which  include  registries  as  a  compo¬ 


nent  of  integrated  product  suites  that  often  include 
application  servers,  portals,  database  management  sys¬ 
tems,  business  intelligence  tools,  integration  middle¬ 
ware  and  other  functional  components.  SOA  platform 
vendors  with  registries  include  BEA  Systems,  IBM, 
Microsoft,  Novell,  Oracle,  SAPSun  and  webMethods.The 
Universal  Description,  Discovery  and  Integration 
(UDDI)  standard  defines  one  of  the  principal  registry 
environments  for  SOA,  though  by  no  means  the  only. 

Most  pure-play  and  platform  vendors  also  provide 
SOA  development,  integration  and  management  tools. 
SOA  vendors  that  don’t  have  their  own  registries  often 
integrate  with  one  or  more  third-party  registries 
through  UDDI  V3  and  other  open  standards.  For  exam¬ 
ple,  HP  has  a  broad  range  of  SOA  development,  policy 
definition  and  run-time  governance  tools,  but  inte¬ 
grates  principally  with  Systinet’s  UDDI  registry.  And 
enterprise  service  bus  (ESB)  middleware  vendors,  such 
as  Fiorano  Software,  Sonic  Software  and  Tibco  Soft¬ 
ware,  integrate  with  third-party  UDDI  and  other  reg¬ 
istries  and  repositories. 

Most  commercial  service  registry  products  support 
the  following  SOA  governance  functions: 

•  Service  registration:  Application  developers,  also 
known  as  service  providers,  publish  their  functionality 
to  registries.  They  publish  their  services’  contracts, 
which  include  such  descriptive  attributes  as  service 
identities,  locations,  methods,  bindings,  configurations, 

See  SOA,  page  80 
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schemas  and  policies.  One  of  the  most  effective 
approaches  for  SOA  governance  is  to  restrict  what  sorts 
of  new  services  may  be  published  to  the  master  reg¬ 
istry,  by  whom,  with  whose  approvals  and  under  what 
conditions.  Increasingly,  developers  are  integrating  reg¬ 
istries  with  workflow  features  that  govern  how  services 
are  approved,  designed,  developed,  published,  ver¬ 
sioned  and  retired.  In  addition,  many  registries  include 
prescriptive  service  templates  that  may  be  required  to 
develop  services  that  will  be  published  to  the  registry. 

•  Service  location:  Service  consumers  —  in  other 
words,  application  developers  —  query  the  registry  to 
find  services  that  match  their  functional  requirements. 
The  registry  lets  the  service  consumer  retrieve  service 
contracts.  Controls  on  who  may  access  the  registry  and 
what  service  attributes  are  exposed  through  the  registry 
are  other  effective  means  of  SOA  governance,  and  are 
usually  supported  in  registry  products. 

•  Service  binding:  Service  consumers  use  the 
retrieved  service  contracts  to  develop  code  that  will 
bind,  invoke  and  interact  with  registered  services. 
Developers  often  use  integrated  development  environ¬ 
ments  for  the  automatic  binding  of  newly  created  serv¬ 
ices  to  the  various  protocols,  schemas  and  other  inter¬ 
faces  required  for  interprogram  communication.  Tool- 
driven  controls  on  service  binding  effectively  govern 
how  services  interact  across  the  ESB. 

One  of  the  emerging  best  practices  in  design-time  SOA 
governance  is  profile  management  within  the  registry  to 
indicate  a  service’s  current  life-cycle  stage  and  the  asso¬ 
ciated  policies  for  that  stage.  Atul  Saini.CTO  of  Fiorano 
Software,  describes  how  service  profiling  might  work  in 
the  development  stage: 

“One  might  want  to  run  a  service  on  a  particular 
machine  with  a  set  of  input  parameters.  The  machine 
name  and  parameters  become  part  of  the  development 
profile  attached  to  the  service.  Once  the  service  has 
been  developed,  it  can  be  promoted  to  the  quality- 
assurance  stage  and  run  on  a  different  machine  with 
different  parameters.  This  second  machine/parameter 
set  becomes  a  new  profile.  In  this  way,  multiple  profiles 
can  be  created  for  a  given  service,  and  the  service  can 
be  moved  between  various  stages  in  its  life  cycle  by 
simply  associating  different  profiles  with  the  service  at 
any  time,”Siani  says. 

Profile  management  often  presumes  that  a  develop¬ 
ment  organization  has  a  structured  procedure  for  pro¬ 
moting  services  to  the  next  stage.  Some  SOA  develop¬ 
ment  tools  include  embedded  workflow  environments 
that  help  organizations  address  this  aspect  of  design¬ 
time  governance.  For  example,  LogicLibrary’s  Logidex 
tooi  “helps  development  organizations  configure  check¬ 
points,  roles  and  multistep  workflows  into  the  SOA 
development  process,”  says  Brent  Carlson,  the  compa¬ 
ny’s  CTO  and  co-founder. 

“You  can  automate  the  review  and  validation  steps 
involved  in  promoting  a  service  to  the  next  stage  — 
such  as  validating  a  [Web  Services  Description 
Language]  definition  against  the  organization’s  partic¬ 
ular  set  of  WS-*  standards  —  and,  if  the  definition  is 
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found  to  be  nonconformant,  kick  it  back  to  the  devel¬ 
oper  for  correction  before  the  service  can  be  pub¬ 
lished  to  the  registry”  he  says. 

Service-level  management  infrastructures 

Often,  commercial  registry  products  integrate  with 
one  or  more  service-level  management  (SLM)  products, 
from  the  same  or  third-party  vendors. SLM  tools  are  prin¬ 
cipally  employed  in  SOA  run  time.  They  enable  policy- 
driven  monitoring,  optimization  and  control  of  the  SOA 
in  accordance  with  service-level  agreements  (SLA). 
Hence,  they  can  be  used  to  govern  the  flow  of  ESB  traf¬ 
fic  among  registered  services,  endpoints  and  users. 

SLM  tools  —  or  Web  services  management  infrastructure 
—  differ  from  traditional  network,  system  and  application 

SOA  tools  in  action 

AARP,  the  Washington,  D.C.,  nonprofit 
dedicated  to  making  life  better  for  people 
50  and  older,  has  developed  and  deployed 
an  enterprise  service-oriented  architec¬ 
ture.  Go  to  “AARP  advances  Web  servic¬ 
es,"  page  82  to  check  out  how  it  plans  on 
securing,  monitoring  and  managing  Web 
services  across  its  distributed  enterprise. 

management  tools  in  their  focus  on  application-layer  mes¬ 
sage  inspection  and  its  triggering  of  automated  policy  rules 
based  on  headers,  payloads,  senders  and  other  message 
attributes.  SLM  environments  enable  end-to-end  service- 
level  monitoring  through  centralized  correlation  of  traffic- 
triggered  events  and  metrics. 

SLM  environments  enforce  governance  policies  on  ESB 
message  traffic  through  run-time  components  called 
agents.  The  agent  is  the  principal  PEP  for  run-time  SOA 
governance  (just  as  the  registry  is  the  principal  PEP  for 
design-time  SOA  governance).  An  agent  is  any  functional 
component  that  intercepts,  inspects,  filters,  transforms, 
routes  or  accelerates  processing  of  production  XML, Simple 
Object  Access  Protocol  (SOAP)  and  other  content  inter¬ 
changes  between  services. 

An  agent  may  be  deployed  as  an  intermediary  node 
(such  as  in  a  proxy  server  or  specialized  hardware  appli¬ 
ance)  or  within  an  application  server  (typically  integrated 
with  that  server’s  SOAP  engine,  or  embedded  in  a  co¬ 
processor  board). 

SLM  environments  let  IT  administrators  determine,  for 
example,  whether  end-to-end  latencies  and  response 
times  on  SOAP  traffic  have  exceeded  predefined  QoS 
thresholds.  Many  allow  dynamic  rerouting  of  SOAP  mes¬ 
sages  to  improve  QoS.  Some  tools  also  can  serve  as 
application-layer  firewalls. 

The  SLM  environment  should  let  organizations  detect 
rogue  services  in  their  SOA  and  take  appropriate  actions, 
says  Dan  Foody,  CTO  of  Sonic  Software.'A  rogue  service 
is  one  that  never  went  through  the  necessary  approval 
process  [during  design  time], You  need  an  infrastruc¬ 
ture  that  can  automatically  detect  rogue  services,  vali¬ 
date  and  register  them,  and  then  push  them  through  the 
approval  process.  Until  approved,  a  rogue  service  may 


be  quarantined  or  subjected  to  tighter-than-normal 
security” 

An  SLM  console  is  the  principal  run-time  monitoring  and 
administration  node  for  SOA  governance.  SLM  consoles 
also  support  real-time  visualization  and  control  of  the  end- 
to-end  behavior  of  an  SOA  in  run-time.  Enterprises  can 
deploy  consoles  in  centralized  or  decentralized  configura¬ 
tions  and  can  access  them  through  browsers,  SOAP  inter¬ 
faces,  vendor-proprietary  GUIs  or  other  means. 

Enterprise  IT  can  integrate  SLM  consoles  into  broader 
management  suites  that  also  handle  application, system  or 
network  management.  Enterprises  usually  deploy  SLM  con¬ 
soles  in  conjunction  with  registries  or  repositories  of 
administrator-defined  SLAs  and  other  policies.  Increasingly 
SLM  consoles  connect  to  distributed  agents  through  Web 
Services  Distributed  Managements  set  of  Organization 
for  the  Advancement  of  Structured  Information 
Standards  standards. 

SLM  pure  plays  include  Actional  (a  unit  of  Progress 
Software),  AmberPoint,  Reactivity  and  SOA  Software 
(which  recently  acquired  another  pure  play,  Blue  Titan). 
Platform  vendors  with  SLM  tools  or  embedded  func¬ 
tionality  include  BEA,  HR  IBM  Tivoli,  Oracle  and  web- 
Methods.  Tibco  has  announced  plans  to  include  SLM 
and  a  UDDI  registry  in  its  Project  Matrix  SOA/ESB  offer¬ 
ings  later  this  year. 

SOA  platform  vendors  will  continue  to  add  compre¬ 
hensive  SLM  features  to  their  product  architectures,  as 
well  as  such  ESB  features  as  dynamic  content-based 
routing  and  distributed  transactions. 

To  address  scalability  and  performance,  more  vendors 
will  begin  packaging  SLM  agents  as  hardware  appli¬ 
ances.  IBM’s  DataPower  Technology  group  is  a  pioneer 
in  the  SLM  appliance  market.  Other  vendors,  such  as 
Cisco  with  its  Application-Oriented  Networking  (AON) 
product  family,  will  provide  intermediary  appliances 
that  operate  as  PEPs  for  run-time  SOA  governance. 
Appliances  enable  run-time  governance  tools  to  “allo¬ 
cate  [million  instructions  per  second]  flexibly  through 
an  SOA  based  on  changing  workloads,”  says  Bill  Ruh, 
managing  director  of  Cisco’s  AON  services  team. 

But  fundamentally,  SOA  governance  comes  down  to 
corporate  culture,  not  technological  plumbing.  Enter¬ 
prises  also  will  need  to  sustain  an  IT  governance  culture 
that  encourages  maximum  service  reuse,  through  a  full 
slate  of  SOA-focused  training,  incentives,  visual  develop¬ 
ment  tools  and  best  practices.  Corporate-standard  poli¬ 
cies  and  design  patterns  must  be  embedded  in  devel¬ 
opment  tools,  and  instilled  through  an  all-pervading  IT 
ethos.  And  the  IT  culture  always  must  be  driven  by  the 
business  governance  environment,  leveraging  reusable 
services  to  maximize  return,  agility,  visibility  and 
accountability. 

A  well-governed  SOA  provides  a  platform  to  harness  the 
organization’s  full  resources  for  competitive  advantage. 
The  alternative  is  a  mess  of  myriad, scattered,  poorly  inte¬ 
grated  services  operating  at  cross-purposes. 

Kobielus  is  a  principal  analyst  at  Current  Analysis.  He 
can  be  reached  at  703-340-8134  or  jkobielus@current- 
analysis.com.  Tune  into  his  blog  at 
http://jkobielus.blogspot.com.  The  opinions  expressed 
are  his  own. 
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An  SOA  opens  up  new 
business  opportunities. 


Web  services 


BY  BETH  SCHULTZ 


he  AARP  is  dedicated  to  making  life  better  for  people  50  and  older, 
offering  its  35  million  members  discounts  on  insurance,  travel  and 
more.  Likewise,  IT  executives  are  dedicated  to  providing  an  applica¬ 
tion  infrastructure  of  easily  consumable  Web  services  —  for  use  by 
the  business  partners  serving  AARP  members. 
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BRIAN  COYLE, 
application  architect,  AARP 
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With  Web  services,  AARP  cuts  the  development  time 
needed  for  point-to-point  integration  between  its  core  mem¬ 
bership  back-end  application  and  a  business  partner’s  front- 
end  membership  application  from  months  to  nil,  says  Brian 
Coyle,  application  architect  at  the  Washington,  D.C.,  nonprof¬ 
it  formerly  known  as  the  American  Association  of  Retired 
Persons.  AARP  simply  needs  a  couple  of  days  to  coordinate 
security  and  delivery  of  the  Web  services  to  the  business 
partner.  In  turn,  the  business  partner  realizes  a  similar  reduc¬ 
tion  in  development  time,  he  adds. 

While  Web  services  do  let  internal  and  external  applica¬ 
tion  developers  work  more  efficiently,  the  bigger  motivation 
is  improved  customer  service  for  AARP’s  members, Coyle 
says.Thats  why  the  organization  has  embraced  a  service-ori¬ 
ented  architecture  (SOA)  as  the  underpinning  for  its  New 
Data  Center-focused  application  development  strategy 
“A  services-oriented  strategy  lets  AARP  provide  real-time 
membership  data  to  business  partners  so  they  can  provide 
the  best  possible  customer  service  to  members,” Coyle  says. 

AARP  embarked  on  its  services-oriented  strategy  three 
years  ago  as  it  planned  how  best  to  integrate  a  new  third- 
party  call  center  with  its  core  membership  back-end  appli¬ 
cation,  called  Konnex.  Running  on  a  mainframe,  Konnex 
handles  all  membership  functions  —  dues  processing, 
account  updates, contact  management  and  the  like.lt  acts  as 
the  central  rules  repository  to  which  all  business  partner 
membership  applications  interface. 

Previously,  the  interaction  between  a  third-party  call  center 
and  Konnex  would  have  taken  place  via  batch  processes  or 
through  an  AARP-developed  client/server  application  that 
the  call  center  would  then  host.  But  with  batch  processes 
came  overhead  costs  associated  with  transferring  and  load¬ 
ing  files  and  the  need  to  create  comprehensive  exception  processes, Coyle  says.'And  using  AARP-developed  applications 
forced  business  partners  to  use  multiple  front-end  applications  to  service  members,”  he  adds.  Developers  for  AARP  and 
the  business  partners  needed  months  to  accomplish  the  integration.  For  example,  letting  an  AARP  member  access  and 
update  account  information  via  the  Web,  through  an  interactive  voice  response  system  or  by  calling  a  contact  center, 
meant  creating  three  distinct  business  processes.  With  Web  services,  those  user  interfaces  access  the  same  business 
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process.  “Obviously  this  is  a  great 
savings  in  cost  and  development 
time,”  Coyle  says. 

Under  the  SOA  strategy  AARP’s 
application  architects  broke  the 


core  Konnex  functionality  into  30 
reusable  Web  services,  and  they 
migrated  from  a  Sybase  Power¬ 
Builder-based  client/server  appli¬ 
cation  infrastructure  to  a  service- 
oriented  model  using  BEA  Web- 
Logic  application  servers.  This  ini¬ 
tial  Web  services  project  took  less 


than  a  year  to  complete,  Coyle 
says.  Since  completing  it,  IT  has 
provided  the  Konnex-related  Web 
services  to  eight  companies  that 
offer  insurance,  marketing  and 
travel  services  to  AARP  members. 
As  of  late  winter,  AARP  handles 
about  100,000  Web  services  trans¬ 


actions  daily  from  the  third-party 
call  center  and  additional  busi¬ 
ness  partners,  Coyle  says. 

Today  IT  readies  the  Web  serv¬ 
ices  for  delivery  to  its  business 
partners  manually  in  a  process 
that  requires  some  coding  for 
security  and  management,  Coyle 


says.  As  more  business  partners 
request  Web  services,  IT  would 
one  day  like  to  use  an  off-the-shelf 
SOA  security  and  management  in¬ 
frastructure  tool,  he  adds. 

AARP  has  been  pilot  testing  SOA 
Software’s  Service  Manager  soft¬ 
ware  suite  for  securing,  monitoring 
and  managing  Web  services 
across  distributed  enterprises,  and 
plans  to  deploy  the  software  for 
production  purposes  next  month. 
Service  Manager  uses  the  Uni¬ 
versal  Description,  Discovery  and 
Integration  (UDDI)  specifications 
that  will  enable  AARP  to  publish 
information  about  its  Web  serv¬ 
ices.  Its  business  partners  could 
search  that  metadata  to  find  and 
run  the  Web  services. 

“Service  Manager  will  help  us 
provision  Web  services  by  taking 
some  of  the  security  out  of  code 
and  allowing  us  to  create  virtual 
services,”  he  says. 

“We  have  security  and  manage¬ 
ment  in  place  now.  We ’re  just  look¬ 
ing  to  see  if  we  can  find  a  better 
way  to  do  this  —  and  I  think  we 
can,”  he  explains. 

Coyle  also  notes  that  AARP’s  in¬ 
terest  in  Web  services  goes  beyond 
the  membership  services  busi¬ 
ness.  His  next  target  will  be  the 
organization’s  volunteer  informa¬ 
tion  management  system,  a  Java 
application  with  its  own  front-end 
and  back-end  functionality 

“I’d  like  to  do  the  same  thing  for 
it  that  we  did  with  the  member¬ 
ship  application  —  break  it  into 
core  functions  and  sit  any  plat¬ 
forms  on  top  of  it,”  he  says.“Then 
we  can  provide  users  of  that  appli¬ 
cation  —  the  volunteer  leaders  — 
more  flexibility!’ 

As  the  application  architects 
look  to  Web  service-enable  the 
volunteer  information  manage¬ 
ment  system  and  AARP’s  other 
major  applications,  Coyle  says 
he’ll  bear  in  mind  his  experiences 
with  the  initial  call-center  project. 

“The  major  lesson  learned,”  he 
says, “is  to  design  the  Web  services 
generically  enough  [and  using 
standards  such  as  SOAP]  so 
they  are  functional  for  a  wide  vari¬ 
ety  of  users. We  developed  this  first 
set  of  Web  services  for  the  third- 
party  call  center,  but  because  we 
did  a  good  job  providing  generic 
functionality  now  all  these  differ¬ 
ent  partners  can  access  them.”H 
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Application  dependency  mapping  is  the  tool 
you  need  to  align  IT  with  the  business. 


BY  JULIE  BORT 


As  you  move  into  next- 

generation  network 
management,  here’s  a 
phrase  that  will  help  to 
unlock  the  promise  of  it  all:  application 
dependency  mapping.  Because  the  net¬ 
work  industry  is  fond  of  acronyms,  I’ll 


refer  to  this  as  “ADM.” 

But  before  we  get  into  the  growing  in¬ 
fluence  of  ADM,  let’s  connect  the  dots.  As  you 
know,  the  New  Data  Center  is  all  about  the 
application  and  ultimately  the  business 
process.  Application  users  don’t  care  about 
routing  tables  and  WAN  acceleration  devices. 
They  want  their  critical  applications  to 
work  beautifully  every  time  they  are  needed.  From  a  net¬ 
work-management  perspective,  IT  makes  this  happen  by 
ensuring  that  applications,  and  all  components  that  sup¬ 
port  them,  work  properly  all  the  time,  or  that  they  fail  over 
when  they  run  into  trouble.That  works  fine  when  things  are 
simple  and  money  is  plentiful. 

Yet  the  strategy  that  “all  devices  are  equal”  in  the  eyes  of 
the  network-management  tool  begins  to  crumble  as  com¬ 
plexity  rises  and  budgets  get  tight.  A  far  more  efficient  way 
to  manage  the  infrastructure  is  to  ensure  that  priority  is 
always  given  to  the  devices  that  shoulder  the  mission-criti¬ 
cal  applications.  That’s  a  wonderful  concept  —  the  prob¬ 
lem  is  that  network-management  tools  are  not  designed  to 
look  for  business  processes. 

Enter  ADM,  which  automatically  maps  applications  to  the 
infrastructure  showing  what  components  the  applications 
touch  as  they  use  the  network.  Products  that  perform  this 
task  mine  configuration  files,  port-allocation  tables  and 
device-level  management  data  to  analyze  and  determine 
application  dependencies.  The  technology  isn’t  new.  For 
instance,  in  2002  industry  leader  Relicore  began  shipping 
Clarity  which  discovers  application  dependencies  in  real 
time. 

Despite  its  history, ADM  is  only  now  beginning  to  generate 
buzz,  in  part  because  industry  heavyweights  have  begun 
swallowing  the  start-ups  that  founded  this  niche.  Mercury 
Interactive  launched  such  activity  in  mid-2004  with  the 
acquisition  of  Appilog,  but  IBM  and  Symantec  validated  it 


As  important  as  [applica¬ 
tion  dependency  mapping! 
is  becoming,  understand 
that  the  technology  is 
young  and  vendor  imple¬ 
mentations  vary  widely. 


with  their  November  2005  and  February  2006  purchases  of 
Collation  and  Relicore,  respectively  Adoption  will  now  be¬ 
gin  to  soar,  with  ADM  running  on  about  500  clients  by  year’s 
end,  nearly  1,500  by  2007  and  4,000  by  2010,  according  to 
Forrester  Research  in  its  report  ‘Application  Mapping  for 
the  CMDB,Q1  2006.” 

While  ADM  may  be  gaining  notice  because  of  market 
gyrations,  the  growing  urgency  of  compliance  will  push 
network  executives  to  embrace  it.  Compliance  is  forcing 
network  executives  to  find  ways  to  meet  auditors’  demands 
without  killing  their  IT  budgets.  In  a  recent  Cutter  Con¬ 
sortium  survey  of  132  IT  executives  worldwide,  about  one- 
third  of  respondents  said  they  didn’t  think  their  budgets 
would  increase  to  cover  the  costs  of  compliance.  Using 
generally  accepted  standards  such  as  the  Information 
Technology  Infrastructure  Library  (ITIL)  can  ease  the  audit¬ 
ing  process  and  the  costs  associated  with  it.  ADM  capabili¬ 
ties  are  nestled  within  the  configuration-management  data¬ 
base  (CMDB),  a  core  requirement  for  ITIL.  Conversely 
CMDB  capabilities  also  have  been  added  to  products  that 
began  life  primarily  to  perform  ADM. 

In  either  case,  the  two  product  genres  have  more  or  less 
merged.  Leading  products  include  CAs  Sonar,  Cendura’s 
Cohesion,  IBM/Collation’s  Confignia,  Mercury’s  Appilog, 
nLayers’  Insight,  Relicore’s  Clarity  (which  Symantec  prom¬ 
ises  will  remain  a  stand-alone  product),  BMC  Software’s 
Atrium  and  Tideway  System’s  Foundation,  Forrester  says. 
Despite  the  market  pressure, ADM-specific  tools  are  not  uni¬ 
versally  available  from  network-management  players. 
Notably,  HP  has  not  entered  the  market  on  its  own.  It  relies 
on  Relicore,  an  OpenView  partner. 

As  important  as  ADM  is  becoming,  understand  that  the 
technology  is  young  and  vendor  implementations  vary 
widely  Some  of  these  products  use  active  discovery,  which 
scans  the  infrastructure  at  scheduled  times.  Some  use  pas¬ 
sive  discovery  which  monitors  and  analyzes  in  real  time. 
Some  use  agents;  some  don’t.  Some  vendors,  notably  the 
larger  ones,  focus  on  integrating  their  ADM/CMDB  tools 
with  other  network-management  components,  while  oth¬ 
ers  have  created  stand-alone  tools. 

Network  executives  considering  ADM  also  should  look  at 
how  these  products  detect  change,  how  deep  into  configu¬ 
ration  files  each  product  can  go  and  how  the  information 
collected  is  maintained.  Such  investigation  will  be  worth 
your  while.  For  network  executives  in  search  of  the  man¬ 
agement  component  for  their  New  Data  Center  infrastruc¬ 
tures,  ADM  holds  critical  answers.* 
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of  cable  sharing,  Siemon's  fully-shielded  category  7/class 
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multiple  applications  to  run  without  internal  interference. 

S/FTP  cable  construction  is  further  supported  by  the 
TERA  4-quandrant  isolated  outlet  which  can  be  easily 
terminated  in  less  than  three  minutes.  Fitting  within  a 
standard  RJ  footprint,  the  combination  of  the  TERA  outlet 
and  TERA  to  RJ  patch  cords  allows  simple  facilitation  of 
cable  sharing.  As  with  traditional  cabling  channels,  all 
four  pairs  of  each  cable  are  terminated  in  a  single  outlet. 
Flowever,  unlike  an  RJ  interface,  the  TERA  outlet  can 
support  up  to  4  one-pair  cords,  2  two-pair  cords  or  a 
combination  of  the  two,  without  the  need  for  additional 
splitters  or  adapters. 

Depending  on  the  applications,  a  singleTERA  cable  can 
replace  up  to  four  copper  channels.  With  copper  prices 
significantly  raising  the  cost  of  cable,  this  reduction  in 
total  cable  runs  can  provide  an  immediate  cost  benefit. 
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OVERVIEW:  RealOps  is  a  proven  IT  Process  Auto¬ 
mation  solution  that  bridges  people,  processes,  and 
technology  within  IT  operations  —  enabling  customers 
to  speed  execution  of  critical  IT  service  functions, 
minimize  business  service  downtime,  and  reduce 
operations  costs. 

CHALLENGE:  Businesses  today  more  than  ever 
before  have  become  critically  dependent  on  the  infra¬ 
structure  and  business  applications  that  support  key 
operational  functions  across  the  enterprise.  One  of  the 
greatest  mandates  facing  IT  today  is  to  align  itself  more 
fully  with  the  needs  and  priorities  of  the  business.  Yet, 
with  the  vast  number  of  technologies,  platforms,  security 
considerations,  etc.,  in  addition  to  the  procedural  com¬ 
plexity  and  organizational  fragmentation  that  commonly 
exist,  the  chasm  between  IT  and  the  business  continues 
to  grow.  Add  to  this  the  financial  realities  in  which  IT  is  . 
being  expected  to  “do  more  with  less, "and  the  dynamics 
combine  for  a  daunting  challenge. 

SOLUTION:  A  lot  of  attention  has  centered  recently 
around  the  adoption  of  ITIL  and  other  ITSM  process 
paradigms  as  a  means  to  help  drive  process  maturity 
to  better  deal  with  these  challenges.  But  in  the  end, 
process  maturity  and  operational  discipline  are  really 
stepping  stones  toward  implementing  procedural  or 
IT  Process  Automation  (ITPA). 

RealOps  delivers  an  ITPA  software  solution  called  AMP 
that  enables  IT  organizations  to  procedurally  define 
and  automate  common,  repeatable  operational  pro¬ 
cesses  in  order  to  drive  efficiency,  predictability,  and 
responsiveness.  RealOps  AMP  provides  capabilities 
such  as  pre-defined  ITIL-based  process  templates,  the 
ability  to  design  and  schedule  routine  or  customized 
process  workflows,  and  the  ability  to  automate 
responses  on  a  condition-based  level.  AMP  utilizes 
adapters  to  easily  integrate  with  the  most  prevalent 
trouble  ticketing,  event,  performance,  configuration, 
and  asset  management  tools  found  in  most  IT  envi¬ 
ronments.  AMP  has  the  flexibility,  scalability,  security, 
and  extensibility  required  to  support  any  enterprise 
IT  environment,  yet  can  be  deployed  rapidly  to  enable 
immediate  process  automation  in  support  of  IT  Service 
Management  objectives. 
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800-945-4200 

www.siemon.com 


877-6-REALOPS  •  877-673-2567 
www.realops.com 


COMPANY:  Active  Power 

OVERVIEW:  CleanSource®  UPS  is  an  innovative,  green 
solution  that  provides  power  conditioning  and  glitch 
protection  for  today's  data  center  using  a  proven,  low- 
maintenance  flywheel  for  energy  storage,  thus  eliminat¬ 
ing  the  need  for  problematic  lead-acid  batteries. 

CHALLENGE:  As  energy  densities  rise  in  modern  data 
centers,  causing  space  constraints  and  heat  issues,  data 
center  managers  are  faced  with  some  tough  decisions  in 
order  to  survive  in  an  extremely  competitive  environment: 

•  Flow  can  I  upgrade  the  power  system  in  my  data 
center  without  sacrificing  raised-floor  space? 

•  My  blade  servers  are  producing  more  heat  than  ever. 

Is  there  anything  I  can  do  to  mitigate  heat  build-up 
from  other  sources? 

•  What  if  I  already  have  a  battery-based  UPS,  and  it's 
almost  time  to  replace  my  batteries? 

SOLUTION:  Active  Power's  CleanSource  UPS  is  a 
proven,  innovative  solution  to  today's  data  center  con¬ 
cerns.  Using  a  line-interactive  topology,  the  CleanSource 
UPS  conditions  power  to  your  racks  using  state-of-the-art, 
fast-switching  IGBT  (Insulated  Gate  Bipolar  Transistor) 
electronics.  Because  of  the  wide  ambient  temperature 
range  of  CleanSource  UPS,  operating  from  0-40°C,  your 
power  conditioning  equipment  can  even  be  located 
outside  your  data  center,  freeing  up  valuable  space  for 
more  server  racks. 

•  With  the  extreme  power  density  that  flywheels  pro¬ 
vide,  the  CleanSource  UPS  1 200  can  supply  1  mega¬ 
watt  of  power  in  only  75  square  feet,  and  can  be 
paralleled  up  to  3.6MVA.This  green,  low-maintenance 
solution  provides  consistent,  clean  power  to  your 
servers,  and  bridges  to  your  generator  in  the  event 
of  a  full  power  outage  for  seamless  operation  of  your 
data  center,  7x24x365. 

•  For  every  watt  of  power  used  by  IT  equipment  in 
data  centers  today,  another  watt  or  more  is  typically 
expended  to  remove  waste  heat.  Operating  with 
energy  efficiencies  of  95%  and  above,  the  CleanSource 
UPS  typically  introduces  50%  less  heat  into  the  environ¬ 
ment  than  a  conventional  double-conversion  UPS. The 
higher  efficiency  and  lower  FIVAC  requirements  result 
in  considerable  savings  in  operational  expenses. 

•  If  you  already  have  a  double-conversion  UPS,  consider 
the  CleanSource  DC,  a  plug-compatible  replacement 
for  lead-acid  batteries  that  can  provide  500kW  of  DC 
power  in  a  single  cabinet. 

Contact  Active  Power  today  to  learn  more  about  reliable 
power  quality  solutions.  Or,  visit  our  website  for  more 
information.  E-mail  address:  info@activepower.com 

Active  Power 

877-Flywheel  *  877-359-9433 
www.activepower.com 


A  Pentair  Company 


I  need  modular  racks  that  I  can  reconfigure  quickly, 

I  need  to  pull  12,000  feet  of  optical  fiber  and  add  700 
rack  units  of  new  hardware— by  Friday. 


I  need  Hoffman. 


Get  datacom  protection  and  storage  built  to  meet  demanding  standards. 

More  technology  professionals  turn  to  Hoffman  for  their  networking  equipment  needs.  Hoffman  offers: 

■  The  broadest  range  of  innovative  racks,  cabinets,  cable  management  solutions  and  network  accessories. 

■  Comprehensive  online  configuration,  planning  tools  and  project  management  support. 

B  The  most  standard  product  modification  options  in  the  industry. 

■  Expert  solutions  in  thermal  management,  EMI/RFI  shielding,  seismic  vibration  and  extreme  environments. 

■  Fast  ordering  and  local  availability. 

Get  everything  you  need — when  you  need  it — from  one  source  you  can  trust.  Hoffman. 


www.ehoffman.  com 


Hoffman.  What  your  work  demands. 


02006  Hoffman  Enclosures  Inc. 
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MANAGEMENT  STRATEGIES 

CAREER  DEVELOPMENT  R  PROJECT  MANAGEMENT  ■  BUSINESS  JUSTIFICATION 


Storage  staffing  and  spending 

ThelnfoPro  study  shows  backup  consumes  big  chunks  of  budgets. 


BY  ROBERT  STEVENSON  AND  JONATHAN  TALLMAN 

The  wild  expansion  of  data  requiring 
replication  and  protection  is  a  key 
challenge  for  IT,  according  to  a  recent 
biannual  storage  study  by  ThelnfoPro,  an 
IT  market  research  company. 


Administrators  are  charged 
with  data  protection,  provision¬ 
ing,  user  support,  compliance 
and  transparent  backup,  to  name 
a  few. 

“We  do  thousands  of  backups, 
and  our  greatest  challenge  is 
keeping  up  with  them,  making 
sure  they  will  run.  It  is  a  lot  of 
work,”  says  one  member  of  the 
TIPNetwork,  ThelnfoPro's  panel 
of  enterprise  users. 

The  study  found  nearly  10%  of 
companies  with  backup  systems 
spend  more  than  $5  million 
annually  on  backup  hardware, 
and  about  9%  of  companies  with 
backup  systems  spend  at  least  $1 
million  on  backup  software.That 
can  be  a  real  drain  on  overall 
storage  budgets. 

To  cope  with  such  explosive 
growth,  storage  professionals  are 
turning  to  virtual  tape  technolo¬ 
gy.  According  to  ThelnfoPro  re¬ 
search,  39%  of  storage  pros  in¬ 
tend  to  spend  more  money  on 
virtual  tape  libraries  (VTL)  in 
2006  than  they  did  in  2005. 

For  any  manager  who  has  felt 
the  urge  to  break  robotic  arms  or 
who  has  plucked  out  a  new  bald 


spot  waiting  for  the  tape  to 
recover  a  lost  piece  of  data,  VTL 
should  prove  helpful. 

Stevenson  is  managing  direc¬ 
tor  of  ThelnfoPro.  He  can  be 
reached  at  rstevenson@theinfo 
pro.net.  Tollman  is  a  research 
associate  at  ThelnfoPro.  He  can 
be  reached  at  jtallman@theinfo 
pro.  net. 


Team  size 

Storage  department  head 
count  varied  greatly 
among  those  surveyed. 


More  than  50  2% 


10  to  50 

22%  5  to  9 

27% 


Time-consuming  tasks 

Storage  professionals  perform  many  functions. 


Working  with  users  to  define 
requirements  9% 


Negotiating  purchases  5% 
Storage  switch  administration  6% 

Working  with  vendors  to 
troubleshoot  products  7% 


Storage  performance 
troubleshooting  8% 


Meetings  and  staff  management  10% 


Backup 

administration 

18% 


Storage 

provisioning 


Storage  reconfiguration  10% 


’Percentages  do  not  add 
up  to  100  due  to  rounding. 


Storage  spending 

Enterprises  anticipate 
spending  a  lot  on  storage 
this  year. 


Less  than  $6  million  to 

S750.000  $10  million  9% 


19% 


$2.5  million  to 
$6  million 

26% 


Budget  breakdown 

Storage  gear  consumes 
more  than  half  of  typical 
storage  spending. 


Staffing  14% 


Hardware 

56% 


Storage  professionals  anticipate  how  their  spending  will  change  in  the  next  12  to  18  months. 


Amount  spent 

Virtualization 

Storage  switch 

Backup  software 

Backup  hardware 

Fixed  content 

NAS 

SAN 

Storage  resource  mgmt. 

More 

14% 

20% 

22% 

27% 

0% 

41% 

30% 

9% 

Less 

50% 

37% 

35% 

30% 

29% 

26% 

26% 

24% 

About  the  same 

'36% 

43% 

43% 

43% 

71% 

32% 

44% 

67% 

Storage  challenges 

Managing  storage  growth 
is  the  biggest  pain  point  for 
storage  professionals. 

Other  3% 

Vendor  management  2% 

Dealing  with  hardware  failures  2% 
Backup  retention  3% 

Managing  storage  equipment  3% 
Application  recoveries  3% 

Dealing  with  performance  problems  5% 
Regulatory  compliance  7% 

Archiving  and  archive  management  9% 
Storage  provisioning  11% 

Managing  costs  13% 

Lack  of  integrated  tools  13% 

Data  mobility  14% 

Backup  administration  and  mgmt.  20% 
Capacity  and  storage  reporting  41  % 
Managing  storage  growth  45% 


Administrative 

workload 

Storage  pros  oversee  big 
bytes,  according  to  the 
number  of  full-time 
storage  administrators 
per  terabyte  of  storage 
under  management. 

100  to  200TB  More  than  200TB  9% 
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S  A  DIRTY  DATA  CENTER 
KILLING  YOUR  SERVERS? 


Smaller  chips,  lower  voltage  levels,  and  higher  clock  speeds  make  today’s  servers 
more  susceptible  than  ever  to  environmental  failures.  Contaminates  with  moisture 
easily  create  semi-conductive  bridges  between  component  leads.  Don't  risk  bit 
errors,  packet  loss,  and  outright  failure  to  dust  and  dirt! 


24/7  Cleaning  &  Maintenance: 

Data  Center  Cleaning 
Cleanroom  Cleaning 
Post-Construction  Cleaning 
Zinc  Whisker  Remediation 
Access  Floor  Repairs 
Concrete  Prep  &  Sealing 
Seismic  Mitigation 


IF  IT’S 

MISSION  CRITICAL 
IT'S  GOT  TO  BE 
DATA  CLEAN! 


Environmental  Consulting: 

Cooling  Analysis 
Airborne  Particle  Counts 
Hotspot  Remediation 
Contamination  Source  Identification 


The  Controlled  Environment  Cleaning  Specialists 


In  the  US:  (800)  328-2256 

In  Canada:  (800)217-6146  WWW.DATACLEAN.COM 

In  Singapore:  (65)  6559  3490 
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networkTAPs  # 
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TAP  Into  Your  Network 

Only  a  TAP  can  provide  a  complete  copy  of  data  from  full-duplex  links  at  line  rate  for 
monitoring  devices.  Without  a  TAP,  a  monitoring  device  may  be  fed  incomplete  and 
misleading  information-creating  false  positives  and  overlooking  network  problems 
that  actually  do  exist.  Visit  www.networkTAPs.com/visibility  today. 


Copper nTAPs 


10/100 . $395 

10/100/1000 . $795 


Copper  to  Optical 
Conversion  nTAPs 

SX  or  LX . 


$1,495 


Optical  nTAPs 


One-Channel . $295 

Two-Channel . $575 

Three-Channel . $845 


To  learn  more  about  how  nTAPs  can  boost  your  network  visibility,  which  configuration  option 
is  best  for  you,  and  to  check  out  new  pricing  go  to  www.networkTAPs.com/visibility 
or  call  866-GET-nTAP  today.  Free  overnight  delivery* 


F©  C€ 


*Free  overnight  delivery  on  all  U.S.  orders  over  $295  confirmed  before  12  p.m.  Central  Time. 
r?TAP  and  all  associated  logos  are  trademarks  or  registered  trademarks  of  Network  Instruments,  LLC. 


TM 


Everything  You  Need  for  Remote  Network  Management 


Consol©  Ports  +  Power  Control  +  Dial-Up  Modem  ■  1U 


Web  Browser  Interface 


Wll  Comole  I  Nut  Min, lament  Switches  Mitmtol*  Internet  I  Mploiei 


pt  £dt  $ew  Favorite*  Jocfc  ftaip 


The  CMS-6R4  Console  Management  Switch  is  the  ultimate  tool  for  economical 
Remote  Network  Management.  Six  serial  ports  to  access  you  equipment’s  console 
ports,  Four  power  outlets  to  perform  remote  reboot  or  On/Off  control  plus  an  internal  modem 
with  dial-back  features  for  secure  out-of-band  access  -  all  in  a  space  saving  1 U  package!  System 
administrators  can  access  remote  devices  from  anywhere  via  telnet,  dial-up,  local  terminal  or  KVM  switch. 


■  Web  Browser  Access  for  Easy  Setup  and  Operation 

■  Telnet,  Internal  Modem  and  Serial  Access 

■  Four  Individually  Switched  Power  Outlets 

■  Six  DB-9  Serial  Console  Ports 

■  Port  Specific  Password  Protection 

■  Dial-Back  Security  on  Modem  Port 

■  Requires  Only  One  Rack  Unit 

■  Non-Connect  Port  Buffering 
a  Data  Rate  Conversion 

■  120  VAC  Model  -  NEMA  5-15  Outlets 

■  208/240  VAC  Model  -  IEC320  Outlets 
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Visit  Website  for  Complete  NetReach™  Product  Line 

(800)  854-7226  •  www.wti.com 
5  Sterling  •  Irvine  •  California  92618-2517 
(949)  586-9950  •  Fax:  (949)  583-9514 


Yes,  We  are  Customer  Friendly! 

✓  Two  Year  Warranty 

✓  We  Stock  for  Same  Day  Shipment 

✓  30  Day  Return  Policy 

✓  Call  or  Email  for  an  Online  Demo 


.  . . .  .  . . 

western  telematic  incorporated 


Quadra  Vista 


VIEW  FOUR  COMPUTERS 

ON  A  SINGLE  MONITOR  SIMULTANEOUSLY 


VGA  &  DVI 


USB  &  PS2 


HIGH  QUALITY  VIDEO 


PiP  MODE 
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HDTV 


See  us  at  C3  EXPO,  New  York  City,  Booth  #3333 
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::  Ultra  Matrix™  Remote 

control  up  to  1,000  computers  and 
network  devices  over  IP 

State  of  the  art  security 
High  resolution 
On-screen  menu 
USB  /  PS2 
Serial  Access 


DIGITAL  KVM  OVER  IP 
SIMPLY  THE  BEST ... 

No  software  licensing  fees,  Secure  your 
Data  Center,  Manage  remote  offices  from 
wherever  you  are. 

RELAX.  YOU'RE  IN  CONTROL  NOW. 

1 .  State  of  the  Art  Security 

2.  Industry  Best  Video  Resolution 

3.  Responsive,  Real  Time  Mouse  Control 

4.  24/7  Mission  Critical  Reliability 

5.  Dependable,  Powerful,  Secure,  Guaranteed 


r 

Ultfotink 

Uftrol*n* 
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::  UltraLink™ 

control  up  to  1,000  servers  and  serial 
devices  over  IP 

State  of  the  art  security 
High  resolution 
On-screen  menu 
USB  /  PS2 
Serial  Access 

Single,  Dual,  Quad  models 
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::  UltraMatrix™ 

control  up  to  1,000  computers  and 
network  devices 
Security  system 
High  resolution 
On-screen  menu 
Multi-platform  /  Serial  Access 
2x,  4x,  8x,  16x 
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::  CrystalView™ 

Extends  keyboard,  video,  and 
mouse  signals  up  to  33,000  feet 
Fiber  /  CATx 
DVI  /  VGA 
PS2  /  USB 
High  resolutions 
PC,  Sun,  Audio,  Serial 

. . . . . . .  . . 
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::  RackView™  Sun 

Rack  Drawer  KVM,  1U  or  2U 
15"  17",  or  20"  VGA 
PS/2  or  USB 
Touchpad  or  Trackball 
Optional  Touchscreen 
W/  KVM  Switch 


::  RackView™ 

Panel  Mount  LCD 
15",  17"  19",  or  20" 

VGA  /  (DVI  /  S-Video  19"  only) 
Optional  Touchscreen 
W/  Extenders 


!wew*F^ 


ROSE  US 
ROSE  EUROPE 
ROSE  ASIA 
ROSE  AUSTRALIA 


281  933  7673 
+44  (0)  1264  85057 
+65  6324  2322 
+617  3388  1540 


www.rose.com 

281  933  7673  800  333  9343 

ROSE  ELECTRONICS  10707  STANCLIFF  HOUSTON,  TEXAS  77099 
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‘Bottom  line:  dtSearch  manages  a  terabyte  of  text  in  a  single  index 
and  returns  results  in  less  than  a  second”  —  InfoWorld 


♦ 

♦ 

♦ 


♦ 

♦ 


over  two  dozen  indexed,  unindexed,  fielded  data  and  full-text  search  options 

highlights  hits  in  HTML,  XML  and  PDF,  while  displaying  links,  formatting  and 

converts  other  file  types  (word  processor,  database,  spreadsheet,  email  and 
attachments,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 

Spider  supports  static  and  dynamic  Web  content,  with  WYSWYG  hit-highlighting 

optional  API  for  C++,  .NET,  Java,  SQL,  etc.  Ask  about  new  .NET  Spider  API 
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dtSearch  vs.  the  competition: 

“dtSearch  easily  overpowered  the 
document  indexing  and  searching 
abilities  of  other  solutions,  especially 
against  large  volumes  of  documents” 


Reliability:  “dtSearch  got  the  highest 
marks  from  our  systems  engineering 
folks  that  I've  ever  heard  of” 


‘For  combing  through  large  amounts  of 
data,  dtSearch  ...  leads  the  market” 

—  Network  Computing 

‘Blindingly  fast”  —  Computer  Forensics: 
Incident  Response  Essentials 


‘Super  fast,  super-reliable” 

—  The  Wall  Street  Journal 


Results:  “customer  response  has  been 
phenomenal” 


‘A  powerful  arsenal  of  search  tools’ 

—  The  New  York  Times 


For  hundreds  more  reviews  and  developer 
case  studies,  see  www.dtsearch.com 


Contact  dtSearch  for  fully-functional 
evaluations 


‘Powerful  Web-based  engines”  —  eWeek 
‘Blazing  speeds” 

—  Computer  Reseller  News  Test  Center 

‘The  most  powerful  document  search  tool 
on  the  market”  —  Wired  Magazine 


The  Smart  Choice  for  Text  Retrieval®  since  1991 


www.  dtsearchrcom' 
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Dealers  Wanted 


Power 
Control 
Interlace 


Modem 
&  Pager  Port 


Tel:  877-373-2700 
www.ims-4000.com 


Monitor  the  REST  of  your  Computer  Room! 


for  Sound 
Monitoring 


Inputs 

(  Temperature,  Hunudtty, 
Water,  Motion,  Po**r, 
Smokt/Rre) 

Expandable 


SENSAPHONE 


901  Tryens  Road 
Aston,  PA  19014 


Power 

Outage 


Internal 

UPS 


Monitors 

64 

IP  addresses 


Embedded 

Web 

Server 


Sends 

E-Mail 


Sends 

SNMP 

Messages 


•  Water  on  the  Floor 

•  Temperature 

•  Power  Problems 

•  Security 

•  Smoke  and  Fire 

•  Humidity 

•  Video 

•  And  much  more 


Production  Tracking  Over  Ethernet 

Eliminate  your  shop-floor 
PCs  with ... 

Ethernet  Terminals  from 
Compute rWise  connected  to 
your  in-house  LAN. 

Capture  production  data 
directly  into  files  on  your 
server. 

Features  C  Benefits 

•  Interactive  Telnet  Client 

•  TCP/IP  over  10/IOOBaseT  Ethernet 

•  Built-in  Barcode  Badge  Reader 

•  Optional  Mag-Stripe  &  RFID  Badge  Reader 

•  Auxiliary  RS-232  Serial  port 

•  Customizable  Data  Collection 
Program  Included 

•  Larger  keyboard  and 
display  sizes  available 

GQV1R  TKKWISL 

Call  1-800-255-3739  or  visit  www.computerwise.com 
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Problems  overwhelming  your  current  sniffer? 


Advance  to  the  next  level  with  Observer  1 1 .  Now  with  enterprise-strength  VoIP  analysis.  Includes  enhanced  VoIP  troubleshooting, 
integrated  NetFlow  and  sFlow®  support,  MultiHop  Analysis,  and  64-bit  Windows  scalability.  It's  time  to  reset  your  analyzer. 


Wired  to  wireless .  LAN  to  WAN.  One  network  -  complete  control. 


NETWORK 

INSTRUMENTS 


US  &  Canada  UK  &  Europe 

toll  free  800.526.5958  +44  (0)  1959  569880 

www.networkinstruments.com/analyze 


enhanced  VoIP  support 


Server  room 
climate  worries? 


Server  Room 
l8'  Climate  &  Power 

Monitoring 


s 
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How  to  Protect  Using 

ByOlSUtfcf  *'*•*»*' 


Get  our 

free 

book. 


ZrVv 


E-mail  FreeBook@ITWatchDogs.com  with  your 
mailing  address  or  call  us  at  512-257-1462 


mPm 


1.408.727.1122 

iVA'i’AViiKl'J  d  flTfkEGI) 

info@recurrent.com 
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3431  De  La  Cruz  Blvd,  Santa  Clara,  CA  95054 
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Caro!  Lasker,  Executive  Vice  President,  Sales 
Jane  Weissman,  Sales  Operations  Manager 
Internet:  clasker,  jweissman@nww.com 
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Northeast 

Elisa  Della  Rocco,  Regional  Account  Director 

Internet:  elisas@nww.com 

(508)  460-3333/FAX:  (508)  460-1237 _ 


Mid-Atlantic 

Jacqui  DiBianca,  Regional  Account  Director 
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Symantec  plans  early-warning  system 

Service  designed  to  sniff  out  phishing  Web  sites. 


BY  ELLEN  MESSMER 

Symantec  is  expected  to  offer  by  the  end 
of  September  an  early-warning  advisory 
service  to  Web  surfers  about  known  phish¬ 
ing  and  otherwise  suspicious  Web  sites. 

Web-site  security  notifications  will  be  pro¬ 
vided  to  any  user  with  XP-based  Norton 
Confidential  software,  which  will  be  sold 


Web  safety 

Symantec's  early-warning  advisory 
service,  Norton  Confidential,  will  help 
users  find  their  way  through  phishing 
and  otherwise  suspicious  Web  sites. 
From  a  PC  the  software  will: 

•  Scan  destination  Web  sites. 

•  Show  an  on-screen  red  indicator  if  a  site  is  a 
known  phishing  or  suspicious  site  and  prevent 
user  access. 

•  Illustrate  via  an  on-screen  green  light  that  the 
site  is  safe  for  transactions. 
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online  at  the  Symantec  Web  site  and  in 
retail  stores,  and  will  play  the  unusual  role 
of  passing  judgment  on  Web  sites’  security 

Symantec  says  it  will  be  attentive  to  the 
possibility  of  false  alerts  by  altering  poor 
ratings  quickly  if  warranted. 

“Any  time  you  are  about  to  share  [logon] 
information  or  passwords,  Norton  Confi¬ 
dential  interacts  with  the  site  to  provide 
immediate  feedback  in  the  browser  at  the 
time  of  the  transaction,”  says  Bill  Rosen- 
krantz,  Symantec’s  director  of  product  man¬ 
agement  in  the  company’s  consumer  prod¬ 
ucts  division. 

“It  scans  the  site  to  see  if  it’s  a  known  bad 
site.  And  on  the  local  machine,  it’s  also  run¬ 
ning  processes  to  scan  for  Trojans  or  other 
malicious  code,”  he  adds. 

Norton  Confidential  will  seek  to  validate 
that  a  Web  site  is  what  it  claims  to  be,  scan¬ 
ning  it  in  dozens  of  ways  to  determine  if 
there’s  anything  suspicious,  such  as  an 
attempt  to  download  malware. 

Norton  Confidential  will  flag  known 
phishing  sites  red  and  remove  Web 
surfers  from  them  at  once.  If  a  site  is 
deemed  to  be  suspicious,  Rosenkrantz 
says,  the  user  will  be  warned  but  allowed 
to  choose  to  proceed.  A  Web  site  with  no 
perceived  security  problems  would  merit 
a  green  indication,  signaling  Norton 
Confidential’s  OK  for  a  user  to  proceed 
with  transactions. 

Rosenkrantz  acknowledges  the  possibili¬ 
ty  that  false  alerts  could  occur  and  says 
Symantec  is  putting  in  place  a  way  users 
can  report  their  findings.  Any  Web  site  that 
believes  it’s  unfairly  rated  could  contact 
Symantec  as  well,  he  adds. 

The  way  Norton  Confidential  will  deter¬ 
mine  Web  site  status  relies  to  some  extent 
on  data  about  flagged  sites  that  will  be 
stored  on  the  user’s  desktop  and  updated 
by  Symantec.  Although  Norton  Confiden¬ 
tial  is  expected  to  include  some  of  the  desk¬ 
top  malware-detection  capabilities  of 
Symantec’s  Norton  AntiVirus  product,  it  can 
only  be  considered  a  subset  of  that  soft¬ 
ware,  Rosenkrantz  says. 

Norton  Confidential  is  expected  to  be 
available  for  the  Macintosh  operating 
system,  though  the  Mac  version  won’t 
have  all  the  features  of  the  Windows  XP 
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version,  which  is  expected  to  go  into 
beta  in  mid-July. 

Pricing  for  Norton  Confidential  has  not 
been  determined  but  is  likely  to  be  $39  to 


$49  per  desktop.  Rosenkrantz  says  Syman¬ 
tec  is  in  discussion  with  online  banking 
and  e-commerce  sites  that  may  sell  Norton 
Confidential  on  their  Web  sites.  ■ 
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BACKSPIN 


Mark  Gibbs 


The  layers  of  network  hell 


Brothers  and  sisters!  We 
are  in  Internet  hell  and  I, 
the  Rev.  Dr.  Mark  Gibbs 
(let  me  hear  you  say, 
“Howdy,  Rev!”),  am  here 
to  show  you  the  way  to  salvation! 

To  escape  Internet  hell  you  must  first  understand  it. 
According  to  Dante,  hell  (the  biblical  kind)  has  nine  cir¬ 
cles.  Internet  hell  is  somewhat  less  complex,  being  made 
up  of  layers  rather  than  circles  —  and  only  seven  of  them 
at  that  (natch).  On  the  other  hand,  compared  with  Dante’s 
vision,  Internet  hell  is  truly,  er,  hellish. 

We  start  at  the  outermost  layer  of  Internet  hell,  the  Layer 
of  the  Unknowing.  Here  you  will  find  the  lost  souls  of  the 
newbies  who  know  not  why  they  are  there  nor  where 
they  are  nor  what  time  zone  they  are  in. They  do  know, 
however,  that  Mrs.  Princess  Mawa,a  widow  in  Cote 
d’Ivoire,  needs  their  assistance  in  a  business  relationship 
regarding  the  transfer  of  $10  million. 

Newbies  are  ferried  across  the  river  TCP/IP  by  the  ferry¬ 
man  AOL.  Clouds  of  spam  rain  down  on  the  newbies,  and 
howls  of  anguish  rise  up  as  they  are  compelled  to  press 
theY  in  response  to  the  question ‘All  files  in  directory  will 
be  deleted!  Are  you  sure  (Y/N)?”  Let  me  hear  you  say 
“Where’s  the  Any  key?” 

The  next  layer  of  Internet  hell  is  the  Layer  of  the  Lustful, 


reserved  for  the  spammers,  the  phishers,  the  hackers  and 
Mrs.  Princess  Mawa,  otherwise  known  as  Clive  Scroggle  of 
Scranton,  Ohio. These  people  should  all  burn  for  eternity 
but  no  one  seems  to  be  able  to  find  them. 

The  Neutrality  Layer,  also  known  as  the  Layer  of  Self- 
interest,  comes  next  (let  me  hear  you  say,“Monopoly  if 
ever  1  saw  one!”)  and  houses  those  otherwise  known  as 
the  telcos. The  telcos  whine  endlessly  about  how  it’s  their 
party  and  they’ll  make  us  cry  if  they  want  to,  but  they 
know  they  need  to  grease  a  lot  more  palms  before  they 
get  their  evil  way 

Of  course,  the  telcos  all  know  they  are  sinners  and  what 
they  do  is  wrong  but,  driven  by  the  demon  Outrageous 
Profit,  they  cannot  help  themselves.They  are  damned  to 
spend  all  eternity  (that’s  roughly  a  financial  quarter) 
buried  up  to  their  armpits  in  customer  complaints. 

The  Layer  of  the  Wrathful  and  Sullen  is  the  resting  place 
of  the  geeks  (let  me  hear  you  say  “Apache!”). This  layer  is 
stuffed  with  those  who  drive  around  with  bumper  stickers 
proclaiming, “The  Internet  is  full,  please  go  away!’  who 
identify  with  Dilbert,and  who  argue  that  the  ’Net  must 
carry  all  traffic  without  preference  or  favor  —  particularly 
if  that  traffic  belongs  to  their  latest  start-up. 

The  next  layer  —  the  Layer  of  the  Gluttonous  and  the 
Avaricious  —  is  the  province  of  the  venture  capitalists 
and  anyone  foolish  enough  to  have  invested  in  Vonage’s 


IPO. The  VCs  writhe  in  the  eternal  torment  of  long  lunches 
and  meetings  with  start-ups  that  all  pitch  their  ideas  for  a 
business  based  on  social  networking  for  hamsters  (let  me 
hear  you  say“Sounds  like  hell  to  me,  and  I’ll  have  another 
glass  of  that  splendid  Chateau  Lafitte.”) 

Now  we  come  to  the  big-time  sinners  in  the  Layer  of  the 
Panderers  and  Seducers.  Here  you  will  find  the  pressure 
groups  such  as  the  Parents  Television  Council  and  the 
American  Family  Association. These  outfits  game  the  sys¬ 
tem  to  promote  their  right-wing,  mainly  faith-based  agen¬ 
das  (let  me  hear  you  say  “Sneaky!”).  This  plays  right  into 
the  interests  of  the  denizens  of  the  next  layer. 

The  Layer  of  Politics  is  where  we  find  the  lackeys  of  the 
government.  Every  inhabitant  walks  continuously  in  cir¬ 
cles  and  agrees  with  whatever  is  said  to  them,  no  matter 
how  illogical  it  might  be.  These  sinners  are  capable  of 
embracing  multiple  competing  policies  simultaneously 
without  having  their  heads  explode.  More’s  the  pity 

And  at  the  center  of  Internet  hell  is  what?  (Let  me  hear 
you  sayTell  us,  Rev!”)  Verily,  brothers  and  sisters,  I  say  unto 
you  that  at  the  center  of  Internet  hell  is  where  we  are!  We 
can  only  fight  the  good  fight,  spread  the  good  word  (see 
RFC3751, “Omniscience  Protocol  Requirements”),  and 
confess  our  network  sins. 

Confessions  to  revgibbs@gibbs.com  or  on  Gibbsblog. 
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News,  insights  and  oddities 


Dot-com  cops  still  asleep  on  the  beat 


Paul  McNamara 


Someone  ought  to  be  hopping-up-and-down  mad 
about  this  "domain-kiting"  nonsense  —  someone 
other  than  GoDaddy  CEO  Bob  Parsons,  who  has 
done  his  fair  share  of  hopping. 

ICANN  would  be  an  obvious  candidate  to  share  Parsons'  pique,  but  its  bureaucratic 
feet  appear  nailed  to  the  floor.  So  too  should  VeriSign  be  bouncing,  but  the  .com  regis¬ 
trar  can't  register  so  much  as  a  bunny  hop  —  at  least  not  at  my  prodding.  And  any  indi¬ 
vidual  or  business  that  needs  a  .com  domain  name  should  be  shaking  at  the  prospect 
of  being  victimized  by  these  bamboozlers. 

Yet  there's  so  little  hopping  . . .  and  I’m  hard-pressed  to  understand  why. 

As  we've  been  chronicling  here  for  the  past  two  months,  the  .com  registration  process 
essentially  has  been  hijacked  by  a  band  of  profiteers  who  collectively  scoop  up  millions 
of  domain  names  every  month  with  little  or  no  expectation  of  using  them  as  they  were 
designed.  Known  variously  as  domain  tasting,  the  add/drop  scheme  and  Parsons’  most 
recent  coinage,  domain  kiting,  the  practice  —  perfectly  legal  —  exploits  a  loophole  in 
ICANN’s  registration  regulations,  along  with  VeriSign’s  apparent  acquiescence,  to  gen¬ 
erate  risk-free  revenue  for  its  practitioners.  A  five-day  grace  period  that  registries 
allow  all  customers  is  what  makes  the  scheme  possible:  Claim  a  name 
—  or  a  million  names  —  and  you've  got  five  days  to  “reconsider"  with¬ 
out  having  incurred  any  expense;  your  deposit  will  be  returned  in  full. 

Here’s  an  excerpt  from  Parsons'  latest  blog  entry:  "Just  over  35  mil¬ 
lion  names  were  registered  for  the  month  of  May.  Of  those  just  over  2.7 
million  were  permanent  registrations.That  means  that  92.3%  of  all 
domain  names  registered  were  part  of  a  scam  now  known  as  domain 
kiting. These  names  were  kept  off  of  the  market,  they  were  used  to 
generate  search-engine  revenue  and  —  because  of  a  loophole  ICANN 
refuses  to  eliminate  —  those  32.3  million  names  were  used  without 
being  paid  for." 
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ICANN  has  told  me  it  doesn’t  intend  to  do  anything  about  domain  kiting  until  some¬ 
one  goes  through  proper  channels  and  files  the  necessary  paperwork.  (Parsons  says 
his  people  have  complained  often  and  loudly  at  ICANN  gatherings.) 

But  what's  up  with  VeriSign?  It's  the  one  covering  the  tab  for  all  these  domain-name 
freeloaders.  I  recently  asked  the  company  for  its  position  on  the  matter. 

“In  response  to  your  question  — VeriSign  has  seen  a  significant  increase  in  this 
activity  over  the  last  couple  of  years,”  a  spokesman  replied  by  e-mail.  "We  have  signifi¬ 
cantly  ramped  our  systems  to  address  the  increased  system  requirements  and  contin¬ 
ually  monitor  system  levels.” 

That  much  we  could  have  guessed.  But  does  VeriSign  consider  the  registration 
shenanigans  a  problem  in  need  of  a  fix,  or  merely  a  cost  of  doing  business?  A  second 
try  brought  this  reply:  "VeriSign  believes  that  until  such  time  as  ICANN  would  make 
any  changes  to  the  system,  we  consider  this  a  cost  of  doing  business." 

So  ICANN  says  someone  needs  to  fill  out  a  trouble  ticket.  And  the  most  obvious 
someone  says  it’s  comfortable  with  the  status  quo  until  ICANN  gets  off  its  can. 

Does  anyone  else  find  this  perfectly  ridiculous?  Parsons  does. 

“VeriSign  isn’t  Santa  Claus,"  he  says.  "They  should  be  doing  something  because 
they're  the  ones  providing  all  the  services  for  the  domain  kiting.  It's 
incredible  that  they  would  not  step  up  and  do  something  about  this,  if 
for  no  other  reason  but  the  good  of  the  Internet.” 

While  it’s  possible  that  ICANN  orVeriSign  may  yet  find  the  resolve  to 
do  the  right  thing  here,  Parsons  believes  the  answer  ultimately  may 
have  to  come  from  Washington. 

"It's  going  to  take  somebody  in  Congress  losing  their  own  domain 
name  to  a  domain  kiter,"  he  says. 

Yes,  indeed,  that  might  generate  a  little  hop-to-it-ness. 


Have  a  better  idea?  Buzz@nww.com  is  the  address. 
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IP  Telephony 


NetVanta  7100 — Everything  a  small  office 
needs  for  voice,  data  and  Internet 


NetVanta  7100: 

A  phone  system  and 
data  network, 

all  in  a  single  device 


The  ADTRAN  NetVanta®  7100  is  the  newest  addition  to  our  field- 
proven  suite  of  NetVanta  switches,  routers  and  VPN/Firewall  solutions. 

This  new  IP  PBX  with  integrated  switch-router — an  Office  in  a  Box — 
provides  a  complete  solution  for  growing  small  and  medium 
businesses.  Your  office  communications  can  be  up  and  running 
quickly  and  smoothly  with  this  converged  IP  platform. 


Imagine  a  comprehensive  telephony  and  data  networking 
solution  that  consolidates  voice,  data,  Internet  and  security - 
all  in  a  single  device. 


High  costs  for  communications  are  now  a  thing  of  the  past. 

With  ADTRAN,  you  can  easily  low7er  your  total  cost  of  ownership.  Every 
NetVanta  includes  ADTRAN’s  100%  satisfaction  guarantee,  backed 
by  industry-leading  technical  support  (before  and  after  the  sale), 
free  firmware  upgrades ,  and  a  full  5-year  warranty. 


www.adtran.com/ipt 
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Remember  when  technology 
had  the  ability  to  amaze  you? 


Believe  again. 

Now  you  can  believe  in  a  new  kind  of  IT  management.  Unified  and  simplified  to  make  your 
business  more  productive,  nimble,  competitive  and  secure. 

We  all  know  that  companies  are  demanding  more  from  IT  —  expecting  IT  to  be  a  strategic 
and  competitive  advantage.  Yet  today's  complex  IT  environments  require  you  to  manage 
across  point  solutions,  siloed  organizations  and  redundant  technology. 

A  better  alternative?  Choose  an  integrated  approach  to  IT  management.  An  approach  in 
which  software  unifies  your  people,  processes  and  technology  to  increase  efficiency  and 
optimization.  Only  one  global  software  company  can  do  that.  CA,  formerly  known  as 
Computer  Associates,  has  focused  solely  on  IT  management  software  for  over  30  years. 

Our  technology  vision  that  makes  this  promise  real  is  called  Enterprise  IT  Management, 
or  EITM.  At  its  heart  is  the  CA  Integration  Platform  —  a  common  foundation  of  shared 
services  that  gives  you  real-time,  dynamic  control  and  flexibility.  Its  greatest  benefit? 

CA  software  solutions  come  to  you  already  integrated,  and  able  to  integrate  with  your 
existing  technology  to  optimize  your  entire  IT  environment. 

Ultimately,  a  well-managed  IT  environment  gives  you  the  visibility  and  control  you  need 
to  manage  risk,  manage  costs,  improve  service  and  align  IT  investments.  To  learn  more 
about  how  CA  and  our  wide  array  of  partners  can  help  you  unify  and  simplify  your  IT 
management,  visit  ca.com/unify. 
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